RepoMirrors/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-01-27 17:53:13 +00:00
Code Issues Projects Releases Wiki Activity

Merge commit '870e75524aa0d00ebcd1d15589c8d29b84af1565'

Browse Source 
* commit '870e75524aa0d00ebcd1d15589c8d29b84af1565':
  matroskadec: validate lace_size when parsed

Merged-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2012-09-20 19:11:41 +02:00
commit 6902c3acb0
1 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
libavformat/matroskadec.c
View File

@ -1980,11 +1980,19 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data,
} }
total += lace_size[n]; total += lace_size[n];
} }
if (size <= total) {
res = AVERROR_INVALIDDATA;
goto end;
}
lace_size[n] = size - total; lace_size[n] = size - total;
break; break;
} }
case 0x2: /* fixed-size lacing */ case 0x2: /* fixed-size lacing */
if (size != (size / laces) * size) {
res = AVERROR_INVALIDDATA;
goto end;
}
for (n = 0; n < laces; n++) for (n = 0; n < laces; n++)
lace_size[n] = size / laces; lace_size[n] = size / laces;
break; break;
@ -1995,7 +2003,8 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data,
if (n < 0) { if (n < 0) {
av_log(matroska->ctx, AV_LOG_INFO, av_log(matroska->ctx, AV_LOG_INFO,
"EBML block data error\n"); "EBML block data error\n");
break; res = n;
goto end;
} }
data += n; data += n;
size -= n; size -= n;
@ -2007,13 +2016,18 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data,
if (r < 0) { if (r < 0) {
av_log(matroska->ctx, AV_LOG_INFO, av_log(matroska->ctx, AV_LOG_INFO,
"EBML block data error\n"); "EBML block data error\n");
break; res = r;
goto end;
} }
data += r; data += r;
size -= r; size -= r;
lace_size[n] = lace_size[n - 1] + snum; lace_size[n] = lace_size[n - 1] + snum;
total += lace_size[n]; total += lace_size[n];
} }
if (size <= total) {
res = AVERROR_INVALIDDATA;
goto end;
}
lace_size[laces - 1] = size - total; lace_size[laces - 1] = size - total;
break; break;
} }