aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2013-10-19 17:52:47 +0200
committerMichael Niedermayer <michaelni@gmx.at>2013-12-24 01:05:47 +0100
commitfce2cfbdcfbdcf40907f5965f08eb3231385f65b (patch)
tree8a9b6896e06efdd3793ee7ad26ad4a4c2e8426b5
parent72f1907c96b5cf88cfe18cf57a40a8b229ea96c1 (diff)
downloadffmpeg-fce2cfbdcfbdcf40907f5965f08eb3231385f65b.tar.gz
avcodec/utils: add some saftey checks to add_metadata_from_side_data()
This fixes potential overreads with crafted files. Found-by: wm4 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 838f461b0716393a1b5c70efd03de1e8bc197380) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-rw-r--r--libavcodec/utils.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index d77b5ec661..5b1b96d9b8 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -1899,10 +1899,17 @@ static int add_metadata_from_side_data(AVCodecContext *avctx, AVFrame *frame)
if (!side_metadata)
goto end;
end = side_metadata + size;
+ if (size && end[-1])
+ return AVERROR_INVALIDDATA;
while (side_metadata < end) {
const uint8_t *key = side_metadata;
const uint8_t *val = side_metadata + strlen(key) + 1;
- int ret = av_dict_set(avpriv_frame_get_metadatap(frame), key, val, 0);
+ int ret;
+
+ if (val >= end)
+ return AVERROR_INVALIDDATA;
+
+ ret = av_dict_set(avpriv_frame_get_metadatap(frame), key, val, 0);
if (ret < 0)
break;
side_metadata = val + strlen(val) + 1;