matroskadec: check element size against stream limit in ebml_parse_elem()

Fixes Ticket1195 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2012-08-04 02:27:51 +0200
committer: Michael Niedermayer <michaelni@gmx.at> 2012-08-04 02:27:51 +0200
commit: 668c873bedfe9cf415153c3126c8e75d4ec712aa (patch)
tree: 7cfe4abcda90ea6771b3dcfd1ef62a71fb965d16
parent: d673a3f4a91e2d80ab2492cc07c7b4d1fb762612 (diff)
download: ffmpeg-668c873bedfe9cf415153c3126c8e75d4ec712aa.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index f75763284b..2c954afa05 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -945,7 +945,10 @@ static int ebml_parse_elem(MatroskaDemuxContext *matroska,
                      return ebml_parse_nest(matroska, syntax->def.n, data);
     case EBML_PASS:  return ebml_parse_id(matroska, syntax->def.n, id, data);
     case EBML_STOP:  return 1;
-    default:         return avio_skip(pb,length)<0 ? AVERROR(EIO) : 0;
+    default:
+        if(ffio_limit(pb, length) != length)
+            return AVERROR(EIO);
+        return avio_skip(pb,length)<0 ? AVERROR(EIO) : 0;
     }
     if (res == AVERROR_INVALIDDATA)
         av_log(matroska->ctx, AV_LOG_ERROR, "Invalid element\n");
author	Michael Niedermayer <michaelni@gmx.at>	2012-08-04 02:27:51 +0200
committer	Michael Niedermayer <michaelni@gmx.at>	2012-08-04 02:27:51 +0200
commit	668c873bedfe9cf415153c3126c8e75d4ec712aa (patch)
tree	7cfe4abcda90ea6771b3dcfd1ef62a71fb965d16
parent	d673a3f4a91e2d80ab2492cc07c7b4d1fb762612 (diff)
download	ffmpeg-668c873bedfe9cf415153c3126c8e75d4ec712aa.tar.gz