1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00

asfdec: fix possible overread on broken files.

This commit is contained in:
Uoti Urpala 2011-05-12 10:20:27 -04:00 committed by Reinhard Tartler
parent 69fa23961e
commit 29fa570d0c

View File

@ -852,7 +852,10 @@ static int asf_read_frame_header(AVFormatContext *s, AVIOContext *pb){
}
if (asf->packet_flags & 0x01) {
DO_2BITS(asf->packet_segsizetype >> 6, asf->packet_frag_size, 0); // 0 is illegal
if(asf->packet_frag_size > asf->packet_size_left - rsize){
if (rsize > asf->packet_size_left) {
av_log(s, AV_LOG_ERROR, "packet_replic_size is invalid\n");
return -1;
} else if(asf->packet_frag_size > asf->packet_size_left - rsize){
if (asf->packet_frag_size > asf->packet_size_left - rsize + asf->packet_padsize) {
av_log(s, AV_LOG_ERROR, "packet_frag_size is invalid (%d-%d)\n", asf->packet_size_left, rsize);
return -1;