avformat/nsvdec: Do not parse multiple NSVf

The specification states "NSV files may contain a single file header. " Fixes: out of array access Fixes: nsv-asan-002f473f726a0dcbd3bd53e422c4fc40b3cf3421 Found-by: Paul Ch <paulcher@icloud.com> Tested-by: Paul Ch <paulcher@icloud.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2018-08-16 12:23:20 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2018-08-20 02:32:41 +0200
commit: 78d4b6bd43fc266a2ee926f0555c8782246f9445 (patch)
tree: d9876490f10aca78b3e7aa0341258986c616293b
parent: 77429b4217bd2366c5f05479086b3f9613d640ee (diff)
download: ffmpeg-78d4b6bd43fc266a2ee926f0555c8782246f9445.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/libavformat/nsvdec.c b/libavformat/nsvdec.c
index d8ce656817..92f7d178f6 100644
--- a/libavformat/nsvdec.c
+++ b/libavformat/nsvdec.c
@@ -176,6 +176,7 @@ typedef struct NSVContext {
     int16_t avsync;
     AVRational framerate;
     uint32_t *nsvs_timestamps;
+    int nsvf;
 } NSVContext;
 
 static const AVCodecTag nsv_codec_video_tags[] = {
@@ -266,6 +267,12 @@ static int nsv_parse_NSVf_header(AVFormatContext *s)
 
     nsv->state = NSV_UNSYNC; /* in case we fail */
 
+    if (nsv->nsvf) {
+        av_log(s, AV_LOG_TRACE, "Multiple NSVf\n");
+        return 0;
+    }
+    nsv->nsvf = 1;
+
     size = avio_rl32(pb);
     if (size < 28)
         return -1;
author	Michael Niedermayer <michael@niedermayer.cc>	2018-08-16 12:23:20 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2018-08-20 02:32:41 +0200
commit	78d4b6bd43fc266a2ee926f0555c8782246f9445 (patch)
tree	d9876490f10aca78b3e7aa0341258986c616293b
parent	77429b4217bd2366c5f05479086b3f9613d640ee (diff)
download	ffmpeg-78d4b6bd43fc266a2ee926f0555c8782246f9445.tar.gz