spdif probing beyond data_end

Carl Eugen Hoyos Wed, 15 Jan 2020 04:40:23 -0800

Am Mi., 15. Jan. 2020 um 11:56 Uhr schrieb Nicolas Gaullier
<nicolas.gaullier@cji.paris>:
>
> ---
>  libavformat/wavdec.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/wavdec.c b/libavformat/wavdec.c
> index 3571733817..d8a27c79cf 100644
> --- a/libavformat/wavdec.c
> +++ b/libavformat/wavdec.c
> @@ -77,7 +77,7 @@ static void set_spdif_s337m(AVFormatContext *s, 
> WAVDemuxContext *wav)
>                  ret = AVERROR(ENOMEM);
>              } else {
>                  int64_t pos = avio_tell(s->pb);
> -                len = ret = avio_read(s->pb, buf, len);
> +                len = ret = avio_read(s->pb, buf, FFMIN(len, wav->data_end - 
> pos));


Sorry if this was already answered:
What exactly does this fix? Is it possible that avio_read() overreads without
this check?

Carl Eugen
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH v2 7/8] avformat/wavdec: fix s337m/spdif probing beyond data_end

Reply via email to