aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJanne Grunau <janne-libav@jannau.net>2014-02-11 15:13:31 +0100
committerJanne Grunau <janne-libav@jannau.net>2014-02-12 12:52:28 +0100
commit0ebb523f072322972ea446616676fff32e9603c6 (patch)
tree7ba205b5b24da9b79c20dee14992f416d3dfc245
parent462d5e8e6c050eae7cbb1f2d5c34628088bd0eb6 (diff)
downloadffmpeg-0ebb523f072322972ea446616676fff32e9603c6.tar.gz
asfdec: check ff_get_guid() return values during seeking
Hitting EOF during seeking is quite likely. Fixes use of uninitialized data during fate-seek-lavf-asf.
-rw-r--r--libavformat/asfdec.c26
1 files changed, 16 insertions, 10 deletions
diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c
index 5b4366e7e9..e754cb2d2c 100644
--- a/libavformat/asfdec.c
+++ b/libavformat/asfdec.c
@@ -1387,33 +1387,35 @@ static int64_t asf_read_pts(AVFormatContext *s, int stream_index,
return pts;
}
-static void asf_build_simple_index(AVFormatContext *s, int stream_index)
+static int asf_build_simple_index(AVFormatContext *s, int stream_index)
{
ff_asf_guid g;
ASFContext *asf = s->priv_data;
int64_t current_pos = avio_tell(s->pb);
- int i;
+ int i, ret = 0;
avio_seek(s->pb, asf->data_object_offset + asf->data_object_size, SEEK_SET);
- ff_get_guid(s->pb, &g);
+ if ((ret = ff_get_guid(s->pb, &g)) < 0)
+ goto end;
/* the data object can be followed by other top-level objects,
* skip them until the simple index object is reached */
while (ff_guidcmp(&g, &index_guid)) {
int64_t gsize = avio_rl64(s->pb);
if (gsize < 24 || s->pb->eof_reached) {
- avio_seek(s->pb, current_pos, SEEK_SET);
- return;
+ goto end;
}
avio_skip(s->pb, gsize - 24);
- ff_get_guid(s->pb, &g);
+ if ((ret = ff_get_guid(s->pb, &g)) < 0)
+ goto end;
}
{
int64_t itime, last_pos = -1;
int pct, ict;
int64_t av_unused gsize = avio_rl64(s->pb);
- ff_get_guid(s->pb, &g);
+ if ((ret = ff_get_guid(s->pb, &g)) < 0)
+ goto end;
itime = avio_rl64(s->pb);
pct = avio_rl32(s->pb);
ict = avio_rl32(s->pb);
@@ -1436,7 +1438,11 @@ static void asf_build_simple_index(AVFormatContext *s, int stream_index)
}
asf->index_read = ict > 0;
}
+end:
+ if (s->pb->eof_reached)
+ ret = 0;
avio_seek(s->pb, current_pos, SEEK_SET);
+ return ret;
}
static int asf_read_seek(AVFormatContext *s, int stream_index,
@@ -1445,7 +1451,7 @@ static int asf_read_seek(AVFormatContext *s, int stream_index,
ASFContext *asf = s->priv_data;
AVStream *st = s->streams[stream_index];
int64_t pos;
- int index;
+ int index, ret = 0;
if (s->packet_size <= 0)
return -1;
@@ -1460,9 +1466,9 @@ static int asf_read_seek(AVFormatContext *s, int stream_index,
}
if (!asf->index_read)
- asf_build_simple_index(s, stream_index);
+ ret = asf_build_simple_index(s, stream_index);
- if ((asf->index_read && st->index_entries)) {
+ if (!ret && asf->index_read && st->index_entries) {
index = av_index_search_timestamp(st, pts, flags);
if (index >= 0) {
/* find the position */