Fixes: out of array read Fixes: mms-crash-01b6c5d85f9d9f40f4e879896103e9f5b222816a
Found-by: Paul Ch <paulc...@icloud.com>
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
 libavformat/mms.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/libavformat/mms.c b/libavformat/mms.c
index 17fa76a8d4..036046dc37 100644
--- a/libavformat/mms.c
+++ b/libavformat/mms.c
@@ -143,6 +143,12 @@ int ff_mms_asf_header_parser(MMSContext *mms)
 }
 } else if (!memcmp(p, ff_asf_head1_guid, sizeof(ff_asf_guid))) {
 chunksize = 46; // see references [2] section 3.4. This should be set 46.
+ if (chunksize > end - p) {
+ av_log(NULL, AV_LOG_ERROR,
+ "Corrupt stream (header chunksize %"PRId64" is invalid)\n",
+ chunksize);
+ return AVERROR_INVALIDDATA;
+ }
 }
 p += chunksize;
 }
--
2.18.0
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
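Review bot: The new error message in the `ff_asf_head1_guid` branch always prints 46, because `chunksize` was assigned that constant on the line above, so the log does not show the real cause: fewer than 46 bytes remain between `p` and `end`. Reporting the remaining length makes a truncated or malformed header easier to triage, for example `"Corrupt stream (head1 chunk needs %"PRId64" bytes, %"PRId64" left)\n", chunksize, (int64_t)(end - p));`. The guard also covers only this branch, while `p += chunksize` below is shared by every branch of the chain. A single `if (chunksize > end - p) return AVERROR_INVALIDDATA;` directly before the advance would cover any other branch that sets `chunksize` without a bound check. The loop and the other branches of `ff_mms_asf_header_parser` lie outside this hunk, so they may already be checked; that is worth confirming.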