author | Marton Balint <cus@passwd.hu> | 2018-05-27 20:39:09 +0200 |
---|---|---|
committer | Marton Balint <cus@passwd.hu> | 2018-05-30 23:02:59 +0200 |
commit | f932e49aab09ffb150aab45746ac7ee669b22b14 (patch) | |
tree | 2d8d911f2d798950073e23d4abe5a88228198bb7 | |
parent | e3734aa6a33be64c88e10a11fd9d51d23cf6ee6f (diff) | |
avformat/mxfdec: fix klv_decode_ber_length return value usage
Signed-off-by: Marton Balint <cus@passwd.hu>
-rw-r--r-- | libavformat/mxfdec.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 7a42555562..40c9e0c3a9 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -372,6 +372,8 @@ static int64_t klv_decode_ber_length(AVIOContext *pb)
 while (bytes_num--)
 size = size << 8 | avio_r8(pb);
 }
+ if (size > INT64_MAX)
+ return AVERROR_INVALIDDATA;
 return size;
 }
@@ -390,13 +392,17 @@ static int mxf_read_sync(AVIOContext *pb, const uint8_t *key, unsigned size)
 static int klv_read_packet(KLVPacket *klv, AVIOContext *pb)
 {
+ int64_t length;
 if (!mxf_read_sync(pb, mxf_klv_key, 4))
 return AVERROR_INVALIDDATA;
 klv->offset = avio_tell(pb) - 4;
 memcpy(klv->key, mxf_klv_key, 4);
 avio_read(pb, klv->key + 4, 12);
- klv->length = klv_decode_ber_length(pb);
- return klv->length == -1 ? -1 : 0;
+ length = klv_decode_ber_length(pb);
+ if (length < 0)
+ return length;
+ klv->length = length;
+ return 0;
 }
 static int mxf_get_stream_index(AVFormatContext *s, KLVPacket *klv, int body_sid)
@@ -486,7 +492,10 @@ static int mxf_decrypt_triplet(AVFormatContext *s, AVPacket *pkt, KLVPacket *klv
 av_aes_init(mxf->aesc, s->key, 128, 1);
 }
 // crypto context
- avio_skip(pb, klv_decode_ber_length(pb));
+ size = klv_decode_ber_length(pb);
+ if (size < 0)
+ return size;
+ avio_skip(pb, size);
 // plaintext offset
 klv_decode_ber_length(pb);
 plaintext_size = avio_rb64(pb); |
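Review bot: The return contract of `klv_decode_ber_length` is not documented where the `size > INT64_MAX` guard is added, yet the callers changed in this commit now depend on it. A comment above the function such as `/* Returns the decoded BER length (>= 0), or a negative AVERROR code if the encoded length is invalid. */` would make clear that callers must test `< 0` rather than compare against `-1`. The guard is only meaningful if `size` is an unsigned 64-bit accumulator; its declaration and the start of the function lie outside this hunk, so that is worth confirming.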
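Review bot: In `klv_read_packet` the call `avio_read(pb, klv->key + 4, 12);` just above the new length handling still ignores its return value, so a truncated file can leave the last 12 key bytes unfilled while the function goes on to return 0. Consider `if (avio_read(pb, klv->key + 4, 12) != 12) return AVERROR_INVALIDDATA;`. Separately, `return length;` narrows an `int64_t` to `int`; that is harmless as long as only negative AVERROR codes reach it, but `return (int)length;` would make the intent explicit.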
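Review bot: The second call in this hunk, `klv_decode_ber_length(pb);` under `// plaintext offset`, still discards its result, so an invalid BER length there is ignored and parsing continues into `avio_rb64(pb)`. Checking it the same way, e.g. `if (klv_decode_ber_length(pb) < 0) return AVERROR_INVALIDDATA;`, would stop malformed encrypted triplets from being processed further. The new `size < 0` test also depends on `size` being a signed 64-bit variable; its declaration is outside this hunk, as is the rest of `mxf_decrypt_triplet`.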