mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2025-01-24 13:56:33 +02:00
avformat/s337m: fix potentially undefined pointer arithmetic
Use integer position instead of pointer for loop variable. Also only skip header fields after header has been fully validated.
This commit is contained in:
parent
5e715b583d
commit
6029b8a6bb
@ -86,22 +86,21 @@ static int s337m_probe(AVProbeData *p)
|
||||
{
|
||||
uint64_t state = 0;
|
||||
int markers[3] = { 0 };
|
||||
int i, sum, max, data_type, data_size, offset;
|
||||
int i, pos, sum, max, data_type, data_size, offset;
|
||||
uint8_t *buf;
|
||||
|
||||
for (buf = p->buf; buf < p->buf + p->buf_size; buf++) {
|
||||
state = (state << 8) | *buf;
|
||||
for (pos = 0; pos < p->buf_size; pos++) {
|
||||
state = (state << 8) | p->buf[pos];
|
||||
if (!IS_LE_MARKER(state))
|
||||
continue;
|
||||
|
||||
buf = p->buf + pos + 1;
|
||||
if (IS_16LE_MARKER(state)) {
|
||||
data_type = AV_RL16(buf + 1);
|
||||
data_size = AV_RL16(buf + 3);
|
||||
buf += 4;
|
||||
data_type = AV_RL16(buf );
|
||||
data_size = AV_RL16(buf + 2);
|
||||
} else {
|
||||
data_type = AV_RL24(buf + 1);
|
||||
data_size = AV_RL24(buf + 4);
|
||||
buf += 6;
|
||||
data_type = AV_RL24(buf );
|
||||
data_size = AV_RL24(buf + 3);
|
||||
}
|
||||
|
||||
if (s337m_get_offset_and_codec(NULL, state, data_type, data_size, &offset, NULL))
|
||||
@ -110,7 +109,8 @@ static int s337m_probe(AVProbeData *p)
|
||||
i = IS_16LE_MARKER(state) ? 0 : IS_20LE_MARKER(state) ? 1 : 2;
|
||||
markers[i]++;
|
||||
|
||||
buf += offset;
|
||||
pos += IS_16LE_MARKER(state) ? 4 : 6;
|
||||
pos += offset;
|
||||
state = 0;
|
||||
}
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user