Re: [FFmpeg-devel] [PATCH] avcodec/cfhd: Check the number of tag/value pairs

Thu, 11 Feb 2016 16:02:28 -0800 

On Thu, 11 Feb 2016 at 21:12 Michael Niedermayer <mich...@niedermayer.cc>
wrote:

> Fixes potentially long loop
> Fixes: CID1351382/11
>
> Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> ---
>  libavcodec/cfhd.c |    5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/libavcodec/cfhd.c b/libavcodec/cfhd.c
> index 2436aae..5ecfcef 100644
> --- a/libavcodec/cfhd.c
> +++ b/libavcodec/cfhd.c
> @@ -344,6 +344,11 @@ static int cfhd_decode(AVCodecContext *avctx, void
> *data, int *got_frame,
>              break;
>          } else if (tag == 2) {
>              av_log(avctx, AV_LOG_DEBUG, "tag=2 header - skipping %i
> tag/value pairs\n", data);
> +            if (data > bytestream2_get_bytes_left(&gb) / 4) {
> +                av_log(avctx, AV_LOG_ERROR, "too many tag/value pairs
> (%d)\n", data);
> +                ret = AVERROR_INVALIDDATA;
> +                break;
> +            }
>              for (i = 0; i < data; i++) {
>                  uint16_t tag2 = bytestream2_get_be16(&gb);
>                  uint16_t val2 = bytestream2_get_be16(&gb);
> --
> 1.7.9.5
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel


Ok
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Reply via email to