virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-08 13:22:53 +02:00
Code Issues Releases Activity

Do not loop endlessly if id3v2 tag size is negative / too large.

Browse Source 
Fixes the sample from issue 2649.
This commit is contained in:
Carl Eugen Hoyos 2011-03-07 23:18:36 +01:00
parent 2a8175ff9c
commit ac533ac458
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libavformat/id3v2.c
View File

@ -138,7 +138,8 @@ static void read_ttag(AVFormatContext *s, AVIOContext *pb, int taglen, const cha
static void ff_id3v2_parse(AVFormatContext *s, int len, uint8_t version, uint8_t flags) static void ff_id3v2_parse(AVFormatContext *s, int len, uint8_t version, uint8_t flags)
{ {
int isv34, tlen, unsync; int isv34, unsync;
unsigned tlen;
char tag[5]; char tag[5];
int64_t next; int64_t next;
int taghdrlen; int taghdrlen;
@ -191,6 +192,8 @@ static void ff_id3v2_parse(AVFormatContext *s, int len, uint8_t version, uint8_t
tag[3] = 0; tag[3] = 0;
tlen = avio_rb24(s->pb); tlen = avio_rb24(s->pb);
} }
if (tlen > (1<<28))
break;
len -= taghdrlen + tlen; len -= taghdrlen + tlen;
if (len < 0) if (len < 0)