hnm: Check *chunk_size

Michael Niedermayer Thu, 11 Jul 2024 16:35:00 -0700

Fixes: CID1604419 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
 libavformat/hnm.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)


diff --git a/libavformat/hnm.c b/libavformat/hnm.c
index 42efaaa3e8b..425dadc5e31 100644
--- a/libavformat/hnm.c
+++ b/libavformat/hnm.c
@@ -114,6 +114,8 @@ static int hnm_read_packet(AVFormatContext *s, AVPacket 
*pkt)
     if (hnm->superchunk_remaining == 0) {
         /* parse next superchunk */
         superchunk_size = avio_rl24(pb);
+        if (superchunk_size < 4)
+            return AVERROR_INVALIDDATA;
         avio_skip(pb, 1);
 
         hnm->superchunk_remaining = superchunk_size - 4;
@@ -124,7 +126,7 @@ static int hnm_read_packet(AVFormatContext *s, AVPacket 
*pkt)
     chunk_id = avio_rl16(pb);
     avio_skip(pb, 2);
 
-    if (chunk_size > hnm->superchunk_remaining || !chunk_size) {
+    if (chunk_size > hnm->superchunk_remaining || chunk_size < 8) {
         av_log(s, AV_LOG_ERROR,
                "invalid chunk size: %"PRIu32", offset: %"PRId64"\n",
                chunk_size, avio_tell(pb));
-- 
2.45.2

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 04/22] avformat/hnm: Check *chunk_size

Reply via email to