virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2026-05-16 08:38:24 +02:00
Code Issues Releases Activity

ffmdec: reject zero-sized chunks

Browse Source 
If size is zero, avio_get_str fails, leaving the buffer uninitialized.
This causes invalid reads in av_set_options_string.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit a611375db5)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
This commit is contained in:
Andreas Cadhalpun
2015-12-02 22:47:12 +01:00
parent 20a48eaaf1
commit 76af12f542
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
libavformat/ffmdec.c
+2 -2
View File
@@ -415,7 +415,7 @@ static int ffm2_read_header(AVFormatContext *s)
} }
break; break;
case MKBETAG('S', '2', 'V', 'I'): case MKBETAG('S', '2', 'V', 'I'):
if (f_stvi++) { if (f_stvi++ || !size) {
ret = AVERROR(EINVAL); ret = AVERROR(EINVAL);
goto fail; goto fail;
} }
@@ -430,7 +430,7 @@ static int ffm2_read_header(AVFormatContext *s)
goto fail; goto fail;
break; break;
case MKBETAG('S', '2', 'A', 'U'): case MKBETAG('S', '2', 'A', 'U'):
if (f_stau++) { if (f_stau++ || !size) {
ret = AVERROR(EINVAL); ret = AVERROR(EINVAL);
goto fail; goto fail;
} }