From 99c7b516414e76c90446a865ca5a02df3117f694 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Wed, 3 Aug 2011 20:09:53 +0200 Subject: [PATCH] Abort if command offset decreases, avoids potential endless loop. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Reimar Döffinger --- libavcodec/dvdsubdec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/dvdsubdec.c b/libavcodec/dvdsubdec.c index 27a33eaef2..1c3d75e2e3 100644 --- a/libavcodec/dvdsubdec.c +++ b/libavcodec/dvdsubdec.c @@ -344,6 +344,10 @@ static int decode_dvd_subtitles(AVSubtitle *sub_header, sub_header->rects[0]->pict.linesize[0] = w; } } + if (next_cmd_pos < cmd_pos) { + av_log(NULL, AV_LOG_ERROR, "Invalid command offset\n"); + break; + } if (next_cmd_pos == cmd_pos) break; cmd_pos = next_cmd_pos;