aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBaptiste Coudurier <baptiste.coudurier@gmail.com>2007-09-12 10:18:01 +0000
committerBaptiste Coudurier <baptiste.coudurier@gmail.com>2007-09-12 10:18:01 +0000
commitaaac6c29d215dc4f36d7bec8e88466f83a234b5e (patch)
tree54d89166187247c2b92e5be92ec642bf0559c992
parent36cb992b54ecf1dac26c4408a7c99d4f5ead9f5e (diff)
downloadffmpeg-aaac6c29d215dc4f36d7bec8e88466f83a234b5e.tar.gz
stop parsing udta if size is wrong/garbage, fix issue 154, fix RQ004F14.MOV
Originally committed as revision 10481 to svn://svn.ffmpeg.org/ffmpeg/trunk
-rw-r--r--libavformat/mov.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 68c81dede4..c9de693df0 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1060,6 +1060,9 @@ static int mov_read_udta(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
uint32_t tag = get_le32(pb);
uint64_t next = url_ftell(pb) + tag_size - 8;
+ if (next > end) // stop if tag_size is wrong
+ break;
+
switch (tag) {
case MKTAG(0xa9,'n','a','m'):
mov_parse_udta_string(pb, c->fc->title, sizeof(c->fc->title));