RepoMirrors/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-03-06 04:28:38 +00:00
Code Issues Projects Releases Wiki Activity

stop parsing if tag size is wrongly < 8 to avoid infinite loop

Browse Source 
Originally committed as revision 15401 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
Baptiste Coudurier 2008-09-24 18:55:00 +00:00
parent f2d65a6c8a
commit 4e240985d8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavformat/mov.c
View File

@ -1379,7 +1379,7 @@ static int mov_read_udta(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
uint32_t tag = get_le32(pb); uint32_t tag = get_le32(pb);
uint64_t next = url_ftell(pb) + tag_size - 8; uint64_t next = url_ftell(pb) + tag_size - 8;
if (next > end) // stop if tag_size is wrong if (tag_size < 8 || next > end) // stop if tag_size is wrong
break; break;
switch (tag) { switch (tag) {