avformat/wtvdec: Skip too big tags
get_tag() is not designed with negative length in mind; in this case, it will allocate a very small buffer (LEN_PRETTY_GUID + 1) and might call avio_get_str16le() with a negative maxlen (which relies on these parameters to be signed). Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
parent
c461ee39f9
commit
197f7e914b
@ -539,7 +539,7 @@ static void parse_legacy_attrib(AVFormatContext *s, AVIOContext *pb)
|
|||||||
ff_get_guid(pb, &guid);
|
ff_get_guid(pb, &guid);
|
||||||
type = avio_rl32(pb);
|
type = avio_rl32(pb);
|
||||||
length = avio_rl32(pb);
|
length = avio_rl32(pb);
|
||||||
if (!length)
|
if (length <= 0)
|
||||||
break;
|
break;
|
||||||
if (ff_guidcmp(&guid, ff_metadata_guid)) {
|
if (ff_guidcmp(&guid, ff_metadata_guid)) {
|
||||||
av_log(s, AV_LOG_WARNING, "unknown guid "FF_PRI_GUID", expected metadata_guid; "
|
av_log(s, AV_LOG_WARNING, "unknown guid "FF_PRI_GUID", expected metadata_guid; "
|
||||||
|
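Review bot: The new `if (length <= 0)` guard exits the attribute loop silently for two different conditions: the ordinary zero-length terminator, and a 32-bit length field that went negative when the unsigned result of `avio_rl32(pb)` was stored in what is presumably a signed `int`. A comment on the check would keep the reason visible, e.g. `/* avio_rl32() is unsigned: values above INT_MAX become negative here, and get_tag() is not written for a negative length */`. A warning on the negative case would help when triaging malformed files, e.g. `if (length < 0) av_log(s, AV_LOG_WARNING, "tag length out of range\n");` before the `break`. Large positive lengths still reach get_tag(), which is not visible here, so confirm that its allocation and read are bounded by the data actually available, and that any other get_tag() caller in this file applies the same guard. parse_legacy_attrib's body starts and ends outside the hunk.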