aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Storsjö <martin@martin.st>2013-09-20 12:26:45 +0300
committerMartin Storsjö <martin@martin.st>2013-09-22 21:02:52 +0300
commitf7e616959aff8706edccdae763c24c897c449f6f (patch)
treeb05fc3d41b273c753f2b7f3f3b27ae68fdbcc736
parentce67f442be0f6c4a8794272873852e256b5b8ee4 (diff)
downloadffmpeg-f7e616959aff8706edccdae763c24c897c449f6f.tar.gz
electronicarts: Check packet sizes before reading
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st>
Diffstat
-rw-r--r--libavformat/electronicarts.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/libavformat/electronicarts.c b/libavformat/electronicarts.c
index e764bd96eb..b0e0674ad8 100644
--- a/libavformat/electronicarts.c
+++ b/libavformat/electronicarts.c
@@ -555,10 +555,16 @@ static int ea_read_packet(AVFormatContext *s, AVPacket *pkt)
case AV_CODEC_ID_ADPCM_EA_R1:
case AV_CODEC_ID_ADPCM_EA_R2:
case AV_CODEC_ID_ADPCM_IMA_EA_EACS:
- pkt->duration = AV_RL32(pkt->data);
- break;
case AV_CODEC_ID_ADPCM_EA_R3:
- pkt->duration = AV_RB32(pkt->data);
+ if (pkt->size < 4) {
+ av_log(s, AV_LOG_ERROR, "Packet is too short\n");
+ av_free_packet(pkt);
+ return AVERROR_INVALIDDATA;
+ }
+ if (ea->audio_codec == AV_CODEC_ID_ADPCM_EA_R3)
+ pkt->duration = AV_RB32(pkt->data);
+ else
+ pkt->duration = AV_RL32(pkt->data);
break;
case AV_CODEC_ID_ADPCM_IMA_EA_SEAD:
pkt->duration = ret * 2 / ea->num_channels;
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-15 18:55:16 +0000