virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-24 13:56:33 +02:00
Code Issues Releases Activity

avformat/mpc8: fix hang with fuzzed file

Browse Source 
This can lead to an endless loop by seeking back a few bytes after each
attempted chunk read. Assuming negative sizes are always invalid, this
is easy to fix. Other code in this demuxer treats negative sizes as
invalid as well.

Fixes ticket #4262.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
wm4 2015-02-03 19:04:12 +01:00 committed by Michael Niedermayer
parent e93d3a22cb
commit 56cc024220
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavformat/mpc8.c
View File

@ -223,6 +223,10 @@ static int mpc8_read_header(AVFormatContext *s)
while(!avio_feof(pb)){
pos = avio_tell(pb);
mpc8_get_chunk_header(pb, &tag, &size);
if (size < 0) {
av_log(s, AV_LOG_ERROR, "Invalid chunk length\n");
return AVERROR_INVALIDDATA;
}
if(tag == TAG_STREAMHDR)
break;
mpc8_handle_chunk(s, tag, pos, size);