diff options
author | Michael Niedermayer <michaelni@gmx.at> | 2013-10-19 17:52:47 +0200 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2013-12-24 01:05:47 +0100 |
commit | fce2cfbdcfbdcf40907f5965f08eb3231385f65b (patch) | |
tree | 8a9b6896e06efdd3793ee7ad26ad4a4c2e8426b5 | |
parent | 72f1907c96b5cf88cfe18cf57a40a8b229ea96c1 (diff) | |
download | ffmpeg-fce2cfbdcfbdcf40907f5965f08eb3231385f65b.tar.gz |
avcodec/utils: add some saftey checks to add_metadata_from_side_data()
This fixes potential overreads with crafted files.
Found-by: wm4
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 838f461b0716393a1b5c70efd03de1e8bc197380)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-rw-r--r-- | libavcodec/utils.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/libavcodec/utils.c b/libavcodec/utils.c index d77b5ec661..5b1b96d9b8 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -1899,10 +1899,17 @@ static int add_metadata_from_side_data(AVCodecContext *avctx, AVFrame *frame) if (!side_metadata) goto end; end = side_metadata + size; + if (size && end[-1]) + return AVERROR_INVALIDDATA; while (side_metadata < end) { const uint8_t *key = side_metadata; const uint8_t *val = side_metadata + strlen(key) + 1; - int ret = av_dict_set(avpriv_frame_get_metadatap(frame), key, val, 0); + int ret; + + if (val >= end) + return AVERROR_INVALIDDATA; + + ret = av_dict_set(avpriv_frame_get_metadatap(frame), key, val, 0); if (ret < 0) break; side_metadata = val + strlen(val) + 1; |