virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

matroskadec: fix integer underflow if header length < probe length.

Browse Source 
This fixes a crash with specifically crafted files.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
This commit is contained in:
Chris Evans 2011-07-19 17:51:48 -07:00 committed by Ronald S. Bultje
parent 953302656a
commit 69619a13c3
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavformat/matroskadec.c
View File

@ -903,6 +903,8 @@ static int matroska_probe(AVProbeData *p)
* Not fully fool-proof, but good enough. */ * Not fully fool-proof, but good enough. */
for (i = 0; i < FF_ARRAY_ELEMS(matroska_doctypes); i++) { for (i = 0; i < FF_ARRAY_ELEMS(matroska_doctypes); i++) {
int probelen = strlen(matroska_doctypes[i]); int probelen = strlen(matroska_doctypes[i]);
if (total < probelen)
continue;
for (n = 4+size; n <= 4+size+total-probelen; n++) for (n = 4+size; n <= 4+size+total-probelen; n++)
if (!memcmp(p->buf+n, matroska_doctypes[i], probelen)) if (!memcmp(p->buf+n, matroska_doctypes[i], probelen))
return AVPROBE_SCORE_MAX; return AVPROBE_SCORE_MAX;