virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

avformat/nsvdec: Do not parse multiple NSVf

Browse Source 
The specification states "NSV files may contain a single file header. "
Fixes: out of array access
Fixes: nsv-asan-002f473f726a0dcbd3bd53e422c4fc40b3cf3421

Found-by: Paul Ch <paulcher@icloud.com>
Tested-by: Paul Ch <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 78d4b6bd43)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2018-08-16 12:23:20 +02:00
parent 4babf70c7e
commit 172bb520c9
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libavformat/nsvdec.c
View File

@ -177,6 +177,7 @@ typedef struct NSVContext {
AVRational framerate; AVRational framerate;
uint32_t *nsvs_timestamps; uint32_t *nsvs_timestamps;
//DVDemuxContext* dv_demux; //DVDemuxContext* dv_demux;
int nsvf;
} NSVContext; } NSVContext;
static const AVCodecTag nsv_codec_video_tags[] = { static const AVCodecTag nsv_codec_video_tags[] = {
@ -280,6 +281,12 @@ static int nsv_parse_NSVf_header(AVFormatContext *s)
nsv->state = NSV_UNSYNC; /* in case we fail */ nsv->state = NSV_UNSYNC; /* in case we fail */
if (nsv->nsvf) {
av_log(s, AV_LOG_TRACE, "Multiple NSVf\n");
return 0;
}
nsv->nsvf = 1;
size = avio_rl32(pb); size = avio_rl32(pb);
if (size < 28) if (size < 28)
return -1; return -1;