diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2011-12-25 12:31:23 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2012-01-03 22:33:21 +0100 |
| commit | 6caca265338e6b7770439a7038b873fec8ad82f7 (patch) | |
| tree | 468e7e353f24940b25c6df6159808b706b72dd64 | |
| parent | 446d11f5edcb70af1cf2d4a3c05c5bdea4688085 (diff) | |
| download | ffmpeg-6caca265338e6b7770439a7038b873fec8ad82f7.tar.gz | |
shorten: validate values in fmt chunk search
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5e9a56a0350c518cd4b38845aff49d41a9c952ae)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| -rw-r--r-- | libavcodec/shorten.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c index 1906c69de1..ef58aaa6aa 100644 --- a/libavcodec/shorten.c +++ b/libavcodec/shorten.c @@ -205,7 +205,7 @@ static int decode_wave_header(AVCodecContext *avctx, const uint8_t *header, { int len; short wave_format; - + const uint8_t *end= header + header_size; if (bytestream_get_le32(&header) != MKTAG('R','I','F','F')) { av_log(avctx, AV_LOG_ERROR, "missing RIFF tag\n"); @@ -221,6 +221,8 @@ static int decode_wave_header(AVCodecContext *avctx, const uint8_t *header, while (bytestream_get_le32(&header) != MKTAG('f','m','t',' ')) { len = bytestream_get_le32(&header); + if(len<0 || end - header - 8 < len) + return AVERROR_INVALIDDATA; header += len; } len = bytestream_get_le32(&header); |