virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

stop parsing if tag size is wrongly < 8 to avoid infinite loop

Browse Source 
Originally committed as revision 15401 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
Baptiste Coudurier 2008-09-24 18:55:00 +00:00
parent f2d65a6c8a
commit 4e240985d8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavformat/mov.c
View File

@ -1379,7 +1379,7 @@ static int mov_read_udta(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
uint32_t tag = get_le32(pb);
uint64_t next = url_ftell(pb) + tag_size - 8;
if (next > end) // stop if tag_size is wrong
if (tag_size < 8 || next > end) // stop if tag_size is wrong
break;
switch (tag) {