On Thu, Nov 07, 2019 at 10:25:31PM +0100, Michael Niedermayer wrote: > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > --- > libavformat/mp3dec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavformat/mp3dec.c b/libavformat/mp3dec.c > index 258f19174b..6848415657 100644 > --- a/libavformat/mp3dec.c > +++ b/libavformat/mp3dec.c > @@ -91,7 +91,7 @@ static int mp3_read_probe(const AVProbeData *p) > > header = AV_RB32(buf2); > ret = avpriv_mpegaudio_decode_header(&h, header); > - if (ret != 0) > + if (ret != 0 || end - buf2 < h.frame_size)
I think it's unneed to do the extra checking, as the buf2 will add the h.frame_size in the next code, it'll break still if buf2 > end for the for condition. > break; > buf2 += h.frame_size; > framesizes += h.frame_size; > -- > 2.23.0 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe". _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
