ffmpeg | branch: master | Paul B Mahol <one...@gmail.com> | Mon Nov 6 21:00:08 2017 +0100| [a29a0aba79dad35a80cfcdf6db6b506afb48dcaa] | committer: Paul B Mahol
avformat/ty: do not overread chunk Signed-off-by: Paul B Mahol <one...@gmail.com> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a29a0aba79dad35a80cfcdf6db6b506afb48dcaa --- libavformat/ty.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/ty.c b/libavformat/ty.c index 3926d3e9b7..1ce72dd0f9 100644 --- a/libavformat/ty.c +++ b/libavformat/ty.c @@ -249,7 +249,11 @@ static int analyze_chunk(AVFormatContext *s, const uint8_t *chunk) * in MPEG packets to determine tivo_type */ if (ty->tivo_type == TIVO_TYPE_UNKNOWN) { uint32_t data_offset = 16 * num_recs; + for (i = 0; i < num_recs; i++) { + if (data_offset + hdrs[i].rec_size > CHUNK_SIZE) + break; + if ((hdrs[i].subrec_type << 0x08 | hdrs[i].rec_type) == 0x3c0 && hdrs[i].rec_size > 15) { /* first make sure we're aligned */ int pes_offset = find_es_header(ty_MPEGAudioPacket, _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
