These loops can take a lot of time if count is very large.

Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
---
 libavformat/nutdec.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
index e979ee6..ad61d7e 100644
--- a/libavformat/nutdec.c
+++ b/libavformat/nutdec.c
@@ -524,6 +524,10 @@ static int decode_info_header(NUTContext *nut)
 }
 for (i = 0; i < count; i++) {
+ if (bc->eof_reached) {
+ av_log(s, AV_LOG_ERROR, "reached EOF while decoding info header\n");
+ return AVERROR_INVALIDDATA;
+ }
 get_str(bc, name, sizeof(name));
 value = get_s(bc);
 str_value[0] = 0;
@@ -849,6 +853,10 @@ static int read_sm_data(AVFormatContext *s, AVIOContext *bc, AVPacket *pkt, int
 int value;
 if (avio_tell(bc) >= maxpos) return AVERROR_INVALIDDATA;
+ if (bc->eof_reached) {
+ av_log(s, AV_LOG_ERROR, "reached EOF while reading sm data\n");
+ return AVERROR_INVALIDDATA;
+ }
 get_str(bc, name, sizeof(name));
 value = get_s(bc);
--
2.1.4
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
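Review bot: The loop in decode_info_header is still bounded only by the end of the input. With a very large `count`, the new `bc->eof_reached` test lets it keep consuming whatever follows the info packet until the stream runs out, which on a large file or a source that never signals EOF is still a long run. The read_sm_data loop in the second hunk already stops on `avio_tell(bc) >= maxpos`. If decode_info_header knows where its packet ends (not visible here; the function starts and ends outside the hunk), the same kind of position test at the top of the loop would cap the work at the packet size rather than the file size.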
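Review bot: The new return in read_sm_data, like the one added in decode_info_header, reports `AVERROR_INVALIDDATA` and logs "reached EOF" whenever `bc->eof_reached` is set. As far as I know the AVIO layer also sets that flag when a read fails and leaves the code in `bc->error`, so a genuine I/O error would be reported as corrupt data and the real cause lost to the caller. Consider `return bc->error ? bc->error : AVERROR_INVALIDDATA;` in both places, and `avio_feof(bc)` instead of reading the field directly if that matches the file's conventions. The enclosing loop starts and ends outside the hunk.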