diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2011-12-16 06:13:04 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2011-12-16 06:13:04 +0100 |
| commit | 62adc60b97d854507d07a21b2f370ab5c69e6b7b (patch) | |
| tree | 0f9cac67a4b508437152fbf4ba1c43487784baba | |
| parent | f72601d06378494b5026b919fcd3eb5eb22799a1 (diff) | |
| download | ffmpeg-62adc60b97d854507d07a21b2f370ab5c69e6b7b.tar.gz | |
avidec: Check that the header chunks fit in the available filesize.
Fixes Ticket771
Bug found by: Diana Elena Muscalu
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| -rw-r--r-- | libavformat/avidec.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 05f5d58290..ec543d76d0 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -387,6 +387,11 @@ static int avi_read_header(AVFormatContext *s, AVFormatParameters *ap) tag = avio_rl32(pb); size = avio_rl32(pb); + if(size > avi->fsize){ + av_log(s, AV_LOG_ERROR, "chunk size is too big during header parsing\n"); + goto fail; + } + print_tag("tag", tag, size); switch(tag) { |