diff options
author | Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> | 2016-01-06 20:59:58 +0100 |
---|---|---|
committer | Luca Barbato <lu_zero@gentoo.org> | 2016-02-07 03:12:33 +0100 |
commit | bf50607ab76157ba251a01f5baa5cf67b23b2ee9 (patch) | |
tree | a6886322ad01abe7776db1960f31c40e33d1365e /libavformat/asfdec.c | |
parent | e4d1621c6e51c623061676439a55dfab89d330f6 (diff) | |
download | ffmpeg-bf50607ab76157ba251a01f5baa5cf67b23b2ee9.tar.gz |
asfdec: check for too small size in asf_read_unknown
This fixes infinite loops due to seeking back.
Signed-off-by: Alexandra Hájková <alexandra@khirnov.net>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Diffstat (limited to 'libavformat/asfdec.c')
-rw-r--r-- | libavformat/asfdec.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c index aef61bbdd4..cbab9a2dd6 100644 --- a/libavformat/asfdec.c +++ b/libavformat/asfdec.c @@ -190,8 +190,13 @@ static int asf_read_unknown(AVFormatContext *s, const GUIDParseTable *g) if ((ret = detect_unknown_subobject(s, asf->unknown_offset, asf->unknown_size)) < 0) return ret; - } else + } else { + if (size < 24) { + av_log(s, AV_LOG_ERROR, "Too small size %"PRIu64" (< 24).\n", size); + return AVERROR_INVALIDDATA; + } avio_skip(pb, size - 24); + } return 0; } |