virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-28 20:53:54 +02:00
Code Issues Releases Activity

Merge commit '870e75524aa0d00ebcd1d15589c8d29b84af1565'

Browse Source 
* commit '870e75524aa0d00ebcd1d15589c8d29b84af1565':
  matroskadec: validate lace_size when parsed

Merged-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2012-09-20 19:11:41 +02:00
commit 6902c3acb0
1 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
libavformat/matroskadec.c
View File

@ -1980,11 +1980,19 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data,
}
total += lace_size[n];
}
if (size <= total) {
res = AVERROR_INVALIDDATA;
goto end;
}
lace_size[n] = size - total;
break;
}
case 0x2: /* fixed-size lacing */
if (size != (size / laces) * size) {
res = AVERROR_INVALIDDATA;
goto end;
}
for (n = 0; n < laces; n++)
lace_size[n] = size / laces;
break;
@ -1995,7 +2003,8 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data,
if (n < 0) {
av_log(matroska->ctx, AV_LOG_INFO,
"EBML block data error\n");
break;
res = n;
goto end;
}
data += n;
size -= n;
@ -2007,13 +2016,18 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data,
if (r < 0) {
av_log(matroska->ctx, AV_LOG_INFO,
"EBML block data error\n");
break;
res = r;
goto end;
}
data += r;
size -= r;
lace_size[n] = lace_size[n - 1] + snum;
total += lace_size[n];
}
if (size <= total) {
res = AVERROR_INVALIDDATA;
goto end;
}
lace_size[laces - 1] = size - total;
break;
}