RepoMirrors/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-03-01 02:00:50 +00:00
Code Issues Projects Releases Wiki Activity

oma: correctly mark and decrypt partial packets

Browse Source 
Incomplete crypted files would lead to a read after buffer boundary
otherwise.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
This commit is contained in:
Luca Barbato 2013-04-17 21:19:23 +02:00
parent 9d0b45ade8
commit 2219e27b5b
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
libavformat/omadec.c
View File

@ -405,6 +405,9 @@ static int oma_read_packet(AVFormatContext *s, AVPacket *pkt)
int packet_size = s->streams[0]->codec->block_align; int packet_size = s->streams[0]->codec->block_align;
int ret = av_get_packet(s->pb, pkt, packet_size); int ret = av_get_packet(s->pb, pkt, packet_size);
if (ret < packet_size)
pkt->flags |= AV_PKT_FLAG_CORRUPT;
if (ret < 0) if (ret < 0)
return ret; return ret;
if (!ret) if (!ret)
@ -415,8 +418,11 @@ static int oma_read_packet(AVFormatContext *s, AVPacket *pkt)
if (oc->encrypted) { if (oc->encrypted) {
/* previous unencrypted block saved in IV for /* previous unencrypted block saved in IV for
* the next packet (CBC mode) */ * the next packet (CBC mode) */
av_des_crypt(&oc->av_des, pkt->data, pkt->data, if (ret == packet_size)
(packet_size >> 3), oc->iv, 1); av_des_crypt(&oc->av_des, pkt->data, pkt->data,
(packet_size >> 3), oc->iv, 1);
else
memset(oc->iv, 0, 8);
} }
return ret; return ret;