virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-29 22:00:58 +02:00
Code Issues Releases Activity

avformat/smacker: Check audio frame size

Browse Source 
The first four bytes of smacker audio are supposed to contain the number
of samples, so treat audio frames smaller than that as invalid.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
This commit is contained in:
Andreas Rheinhardt 2020-06-23 14:05:17 +02:00
parent 02bbb37006
commit 2f687bc83e
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libavformat/smacker.c
View File

@ -307,14 +307,14 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt)
if(flags & 1) {
uint32_t size;
size = avio_rl32(s->pb) - 4;
if (!size || size + 4LL > frame_size) {
size = avio_rl32(s->pb);
if ((int)size < 8 || size > frame_size) {
av_log(s, AV_LOG_ERROR, "Invalid audio part size\n");
ret = AVERROR_INVALIDDATA;
goto next_frame;
}
frame_size -= size;
frame_size -= 4;
size -= 4;
if ((ret = av_reallocp(&smk->bufs[smk->curstream], size)) < 0) {
smk->buf_sizes[smk->curstream] = 0;
goto next_frame;