On 05.01.2016 13:26, Andreas Cadhalpun wrote: > Both avio_skip and detect_unknown_subobject use int64_t for the size > parameter. > > This fixes a segmentation fault due to infinite recursion. > > Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> > --- > libavformat/asfdec_o.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/libavformat/asfdec_o.c b/libavformat/asfdec_o.c > index 79b9ee4..02809bb 100644 > --- a/libavformat/asfdec_o.c > +++ b/libavformat/asfdec_o.c > @@ -178,6 +178,9 @@ static int asf_read_unknown(AVFormatContext *s, const > GUIDParseTable *g) > uint64_t size = avio_rl64(pb); > int ret; > > + if (size > INT64_MAX) > + return AVERROR_INVALIDDATA; > + > if (asf->is_header) > asf->unknown_size = size; > asf->is_header = 0; >
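
Review bot: the new `if (size > INT64_MAX)` check in asf_read_unknown carries no comment saying why INT64_MAX is the bound. The reason is only in the commit message: the uint64_t value read by avio_rl64 is later handed to avio_skip and detect_unknown_subobject, which take int64_t, so anything larger would turn negative on conversion. A one-line comment above the check would keep that reasoning next to the code. Consider also logging an error via av_log before returning AVERROR_INVALIDDATA, so a rejected file can be diagnosed from the output.
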
Pushed now, as Alexandra (the author over at Libav) seems fine with it.

Best regards,
Andreas