virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

ea: check chunk_size for validity.

Browse Source 
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
This commit is contained in:
Ronald S. Bultje 2012-05-04 16:06:26 -07:00
parent 37ddd38332
commit 273e6af47b
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libavformat/electronicarts.c
View File

@ -487,12 +487,17 @@ static int ea_read_packet(AVFormatContext *s,
while (!packet_read) { while (!packet_read) {
chunk_type = avio_rl32(pb); chunk_type = avio_rl32(pb);
chunk_size = (ea->big_endian ? avio_rb32(pb) : avio_rl32(pb)) - 8; chunk_size = ea->big_endian ? avio_rb32(pb) : avio_rl32(pb);
if (chunk_size <= 8)
return AVERROR_INVALIDDATA;
chunk_size -= 8;
switch (chunk_type) { switch (chunk_type) {
/* audio data */ /* audio data */
case ISNh_TAG: case ISNh_TAG:
/* header chunk also contains data; skip over the header portion*/ /* header chunk also contains data; skip over the header portion*/
if (chunk_size < 32)
return AVERROR_INVALIDDATA;
avio_skip(pb, 32); avio_skip(pb, 32);
chunk_size -= 32; chunk_size -= 32;
case ISNd_TAG: case ISNd_TAG: