virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-13 21:28:01 +02:00
Code Issues Releases Activity

asfdec: check ff_get_guid() return values during seeking

Browse Source 
Hitting EOF during seeking is quite likely. Fixes use of uninitialized
data during fate-seek-lavf-asf.
This commit is contained in:
Janne Grunau 2014-02-11 15:13:31 +01:00
parent 462d5e8e6c
commit 0ebb523f07
1 changed files with 16 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
libavformat/asfdec.c
View File

@ -1387,33 +1387,35 @@ static int64_t asf_read_pts(AVFormatContext *s, int stream_index,
return pts;
}
static void asf_build_simple_index(AVFormatContext *s, int stream_index)
static int asf_build_simple_index(AVFormatContext *s, int stream_index)
{
ff_asf_guid g;
ASFContext *asf = s->priv_data;
int64_t current_pos = avio_tell(s->pb);
int i;
int i, ret = 0;
avio_seek(s->pb, asf->data_object_offset + asf->data_object_size, SEEK_SET);
ff_get_guid(s->pb, &g);
if ((ret = ff_get_guid(s->pb, &g)) < 0)
goto end;
/* the data object can be followed by other top-level objects,
* skip them until the simple index object is reached */
while (ff_guidcmp(&g, &index_guid)) {
int64_t gsize = avio_rl64(s->pb);
if (gsize < 24 || s->pb->eof_reached) {
avio_seek(s->pb, current_pos, SEEK_SET);
return;
goto end;
}
avio_skip(s->pb, gsize - 24);
ff_get_guid(s->pb, &g);
if ((ret = ff_get_guid(s->pb, &g)) < 0)
goto end;
}
{
int64_t itime, last_pos = -1;
int pct, ict;
int64_t av_unused gsize = avio_rl64(s->pb);
ff_get_guid(s->pb, &g);
if ((ret = ff_get_guid(s->pb, &g)) < 0)
goto end;
itime = avio_rl64(s->pb);
pct = avio_rl32(s->pb);
ict = avio_rl32(s->pb);
@ -1436,7 +1438,11 @@ static void asf_build_simple_index(AVFormatContext *s, int stream_index)
}
asf->index_read = ict > 0;
}
end:
if (s->pb->eof_reached)
ret = 0;
avio_seek(s->pb, current_pos, SEEK_SET);
return ret;
}
static int asf_read_seek(AVFormatContext *s, int stream_index,
@ -1445,7 +1451,7 @@ static int asf_read_seek(AVFormatContext *s, int stream_index,
ASFContext *asf = s->priv_data;
AVStream *st = s->streams[stream_index];
int64_t pos;
int index;
int index, ret = 0;
if (s->packet_size <= 0)
return -1;
@ -1460,9 +1466,9 @@ static int asf_read_seek(AVFormatContext *s, int stream_index,
}
if (!asf->index_read)
asf_build_simple_index(s, stream_index);
ret = asf_build_simple_index(s, stream_index);
if ((asf->index_read && st->index_entries)) {
if (!ret && asf->index_read && st->index_entries) {
index = av_index_search_timestamp(st, pts, flags);
if (index >= 0) {
/* find the position */