avformat/oggparseogm: check input size before reading parameters

Fixes use of uninitialized memory Fixes: msan_uninit-mem_7f4d0daad100_3599_anOTHERS_DixX_in_Ogg_Sample.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2013-12-23 18:09:58 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2013-12-26 16:19:01 +0100
commit: 6359872877269fa0c1874587676e952d30f9b79f (patch)
tree: f3ee06f0db87585a2c7919f1881d26907bce1e47
parent: d164ad3298c155330e303bea907920643b5d74a3 (diff)
download: ffmpeg-6359872877269fa0c1874587676e952d30f9b79f.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/libavformat/oggparseogm.c b/libavformat/oggparseogm.c
index b8c502a5ff..707381df66 100644
--- a/libavformat/oggparseogm.c
+++ b/libavformat/oggparseogm.c
@@ -129,12 +129,18 @@ ogm_dshow_header(AVFormatContext *s, int idx)
     t = AV_RL32(p + 96);
 
     if(t == 0x05589f80){
+        if (os->psize < 184)
+            return AVERROR_INVALIDDATA;
+
         st->codec->codec_type = AVMEDIA_TYPE_VIDEO;
         st->codec->codec_id = ff_codec_get_id(ff_codec_bmp_tags, AV_RL32(p + 68));
         avpriv_set_pts_info(st, 64, AV_RL64(p + 164), 10000000);
         st->codec->width = AV_RL32(p + 176);
         st->codec->height = AV_RL32(p + 180);
     } else if(t == 0x05589f81){
+        if (os->psize < 136)
+            return AVERROR_INVALIDDATA;
+
         st->codec->codec_type = AVMEDIA_TYPE_AUDIO;
         st->codec->codec_id = ff_codec_get_id(ff_codec_wav_tags, AV_RL16(p + 124));
         st->codec->channels = AV_RL16(p + 126);
author	Michael Niedermayer <michaelni@gmx.at>	2013-12-23 18:09:58 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2013-12-26 16:19:01 +0100
commit	6359872877269fa0c1874587676e952d30f9b79f (patch)
tree	f3ee06f0db87585a2c7919f1881d26907bce1e47
parent	d164ad3298c155330e303bea907920643b5d74a3 (diff)
download	ffmpeg-6359872877269fa0c1874587676e952d30f9b79f.tar.gz