diff options
author | Janne Grunau <janne-libav@jannau.net> | 2014-02-11 15:13:31 +0100 |
---|---|---|
committer | Janne Grunau <janne-libav@jannau.net> | 2014-02-12 12:52:28 +0100 |
commit | 0ebb523f072322972ea446616676fff32e9603c6 (patch) | |
tree | 7ba205b5b24da9b79c20dee14992f416d3dfc245 | |
parent | 462d5e8e6c050eae7cbb1f2d5c34628088bd0eb6 (diff) | |
download | ffmpeg-0ebb523f072322972ea446616676fff32e9603c6.tar.gz |
asfdec: check ff_get_guid() return values during seeking
Hitting EOF during seeking is quite likely. Fixes use of uninitialized
data during fate-seek-lavf-asf.
-rw-r--r-- | libavformat/asfdec.c | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c index 5b4366e7e9..e754cb2d2c 100644 --- a/libavformat/asfdec.c +++ b/libavformat/asfdec.c @@ -1387,33 +1387,35 @@ static int64_t asf_read_pts(AVFormatContext *s, int stream_index, return pts; } -static void asf_build_simple_index(AVFormatContext *s, int stream_index) +static int asf_build_simple_index(AVFormatContext *s, int stream_index) { ff_asf_guid g; ASFContext *asf = s->priv_data; int64_t current_pos = avio_tell(s->pb); - int i; + int i, ret = 0; avio_seek(s->pb, asf->data_object_offset + asf->data_object_size, SEEK_SET); - ff_get_guid(s->pb, &g); + if ((ret = ff_get_guid(s->pb, &g)) < 0) + goto end; /* the data object can be followed by other top-level objects, * skip them until the simple index object is reached */ while (ff_guidcmp(&g, &index_guid)) { int64_t gsize = avio_rl64(s->pb); if (gsize < 24 || s->pb->eof_reached) { - avio_seek(s->pb, current_pos, SEEK_SET); - return; + goto end; } avio_skip(s->pb, gsize - 24); - ff_get_guid(s->pb, &g); + if ((ret = ff_get_guid(s->pb, &g)) < 0) + goto end; } { int64_t itime, last_pos = -1; int pct, ict; int64_t av_unused gsize = avio_rl64(s->pb); - ff_get_guid(s->pb, &g); + if ((ret = ff_get_guid(s->pb, &g)) < 0) + goto end; itime = avio_rl64(s->pb); pct = avio_rl32(s->pb); ict = avio_rl32(s->pb); @@ -1436,7 +1438,11 @@ static void asf_build_simple_index(AVFormatContext *s, int stream_index) } asf->index_read = ict > 0; } +end: + if (s->pb->eof_reached) + ret = 0; avio_seek(s->pb, current_pos, SEEK_SET); + return ret; } static int asf_read_seek(AVFormatContext *s, int stream_index, @@ -1445,7 +1451,7 @@ static int asf_read_seek(AVFormatContext *s, int stream_index, ASFContext *asf = s->priv_data; AVStream *st = s->streams[stream_index]; int64_t pos; - int index; + int index, ret = 0; if (s->packet_size <= 0) return -1; @@ -1460,9 +1466,9 @@ static int asf_read_seek(AVFormatContext *s, int stream_index, } if (!asf->index_read) - asf_build_simple_index(s, stream_index); + ret = asf_build_simple_index(s, stream_index); - if ((asf->index_read && st->index_entries)) { + if (!ret && asf->index_read && st->index_entries) { index = av_index_search_timestamp(st, pts, flags); if (index >= 0) { /* find the position */ |