1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00

matroskadec: fix integer underflow if header length < probe length.

This fixes a crash with specifically crafted files.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
This commit is contained in:
Chris Evans 2011-07-19 17:51:48 -07:00 committed by Ronald S. Bultje
parent 953302656a
commit 69619a13c3

View File

@ -903,6 +903,8 @@ static int matroska_probe(AVProbeData *p)
* Not fully fool-proof, but good enough. */
for (i = 0; i < FF_ARRAY_ELEMS(matroska_doctypes); i++) {
int probelen = strlen(matroska_doctypes[i]);
if (total < probelen)
continue;
for (n = 4+size; n <= 4+size+total-probelen; n++)
if (!memcmp(p->buf+n, matroska_doctypes[i], probelen))
return AVPROBE_SCORE_MAX;