diff options
author | Michael Niedermayer <michaelni@gmx.at> | 2014-01-08 04:49:50 +0100 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2014-01-08 04:55:42 +0100 |
commit | 1c010fd035c1a14dc73827b84f21f593e969a5d6 (patch) | |
tree | 5717d1b4500ae663d4fbc9ab9a3d629b611255dd | |
parent | 94cf4f8bac12c58e30ce3b5d72cf5898baafe9a8 (diff) | |
download | ffmpeg-1c010fd035c1a14dc73827b84f21f593e969a5d6.tar.gz |
avformat/mxfdec: detect loops during header parsing
The header parser uses forward and backward parsing, making the
bulletproof prevention of loops difficult, thus this simple
detection code.
If someone improves the forward/backward parsing so it cannot loop
then this commit should be reverted
Fixes Ticket3278
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-rw-r--r-- | libavformat/mxfdec.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 61c0cb2366..07740ebb4b 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -2011,6 +2011,8 @@ static int mxf_read_header(AVFormatContext *s) MXFContext *mxf = s->priv_data; KLVPacket klv; int64_t essence_offset = 0; + int64_t last_pos = -1; + uint64_t last_pos_index = 1; int ret; mxf->last_forward_tell = INT64_MAX; @@ -2028,7 +2030,12 @@ static int mxf_read_header(AVFormatContext *s) while (!url_feof(s->pb)) { const MXFMetadataReadTableEntry *metadata; - + if (avio_tell(s->pb) == last_pos) { + av_log(mxf->fc, AV_LOG_ERROR, "MXF structure loop detected\n"); + return AVERROR_INVALIDDATA; + } + if ((1ULL<<61) % last_pos_index++ == 0) + last_pos = avio_tell(s->pb); if (klv_read_packet(&klv, s->pb) < 0) { /* EOF - seek to previous partition or stop */ if(mxf_parse_handle_partition_or_eof(mxf) <= 0) |