aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChris Evans <cevans@chromium.org>2011-07-19 17:51:48 -0700
committerRonald S. Bultje <rsbultje@gmail.com>2011-07-19 18:06:06 -0700
commit69619a13c3fef940cba545cf0a283ff22771dd71 (patch)
tree00e7b98b3028a7c9300ef609cdcc91e07b331e30
parent953302656aaaeb1bc737b59fae2d5a11b75d9f7d (diff)
downloadffmpeg-69619a13c3fef940cba545cf0a283ff22771dd71.tar.gz
matroskadec: fix integer underflow if header length < probe length.
This fixes a crash with specifically crafted files. Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
-rw-r--r--libavformat/matroskadec.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 852760cc4d..037997742c 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -903,6 +903,8 @@ static int matroska_probe(AVProbeData *p)
* Not fully fool-proof, but good enough. */
for (i = 0; i < FF_ARRAY_ELEMS(matroska_doctypes); i++) {
int probelen = strlen(matroska_doctypes[i]);
+ if (total < probelen)
+ continue;
for (n = 4+size; n <= 4+size+total-probelen; n++)
if (!memcmp(p->buf+n, matroska_doctypes[i], probelen))
return AVPROBE_SCORE_MAX;