mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
matroskadec: fix integer underflow if header length < probe length.
This fixes a crash with specifically crafted files. Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
This commit is contained in:
parent
953302656a
commit
69619a13c3
@ -903,6 +903,8 @@ static int matroska_probe(AVProbeData *p)
|
||||
* Not fully fool-proof, but good enough. */
|
||||
for (i = 0; i < FF_ARRAY_ELEMS(matroska_doctypes); i++) {
|
||||
int probelen = strlen(matroska_doctypes[i]);
|
||||
if (total < probelen)
|
||||
continue;
|
||||
for (n = 4+size; n <= 4+size+total-probelen; n++)
|
||||
if (!memcmp(p->buf+n, matroska_doctypes[i], probelen))
|
||||
return AVPROBE_SCORE_MAX;
|
||||
|
Loading…
Reference in New Issue
Block a user