ffmpeg | branch: release/2.8 | Andreas Cadhalpun <andreas.cadhal...@googlemail.com> | Wed Jan 6 19:21:49 2016 +0100| [d640bc75459d7e7ad7636ecc9a8f3cfd51fc6eb2] | committer: Andreas Cadhalpun
asfdec_o: check for too small size in asf_read_unknown This fixes infinite loops due to seeking back. Reviewed-by: Alexandra Hájková <alexandra.khirn...@gmail.com> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> (cherry picked from commit c29e87ad55a2be29cc8ac5c0e047512c1f5d34d4) Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d640bc75459d7e7ad7636ecc9a8f3cfd51fc6eb2 --- libavformat/asfdec_o.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libavformat/asfdec_o.c b/libavformat/asfdec_o.c index f8e5e1e..d8c4869 100644 --- a/libavformat/asfdec_o.c +++ b/libavformat/asfdec_o.c @@ -190,8 +190,13 @@ static int asf_read_unknown(AVFormatContext *s, const GUIDParseTable *g) if ((ret = detect_unknown_subobject(s, asf->unknown_offset, asf->unknown_size)) < 0) return ret; - } else + } else { + if (size < 24) { + av_log(s, AV_LOG_ERROR, "Too small size %"PRIu64" (< 24).\n", size); + return AVERROR_INVALIDDATA; + } avio_skip(pb, size - 24); + } return 0; } _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
