mirror of
https://git.ffmpeg.org/ffmpeg.git
synced 2024-12-24 00:02:52 +00:00
smacker: check frame size validity
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
This commit is contained in:
parent
58c95448e4
commit
ee16a0ced0
@ -304,10 +304,14 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt)
|
|||||||
/* if audio chunks are present, put them to stack and retrieve later */
|
/* if audio chunks are present, put them to stack and retrieve later */
|
||||||
for(i = 0; i < 7; i++) {
|
for(i = 0; i < 7; i++) {
|
||||||
if(flags & 1) {
|
if(flags & 1) {
|
||||||
int size;
|
uint32_t size;
|
||||||
uint8_t *tmpbuf;
|
uint8_t *tmpbuf;
|
||||||
|
|
||||||
size = avio_rl32(s->pb) - 4;
|
size = avio_rl32(s->pb) - 4;
|
||||||
|
if (!size || size > frame_size) {
|
||||||
|
av_log(s, AV_LOG_ERROR, "Invalid audio part size\n");
|
||||||
|
return AVERROR_INVALIDDATA;
|
||||||
|
}
|
||||||
frame_size -= size;
|
frame_size -= size;
|
||||||
frame_size -= 4;
|
frame_size -= 4;
|
||||||
smk->curstream++;
|
smk->curstream++;
|
||||||
|
Loading…
Reference in New Issue
Block a user