aboutsummaryrefslogtreecommitdiffstats
path: root/libavformat/asfdec.c
diff options
context:
space:
mode:
authorAndreas Cadhalpun <andreas.cadhalpun@googlemail.com>2016-01-06 20:59:58 +0100
committerLuca Barbato <lu_zero@gentoo.org>2016-02-07 03:12:33 +0100
commitbf50607ab76157ba251a01f5baa5cf67b23b2ee9 (patch)
treea6886322ad01abe7776db1960f31c40e33d1365e /libavformat/asfdec.c
parente4d1621c6e51c623061676439a55dfab89d330f6 (diff)
downloadffmpeg-bf50607ab76157ba251a01f5baa5cf67b23b2ee9.tar.gz
asfdec: check for too small size in asf_read_unknown
This fixes infinite loops due to seeking back. Signed-off-by: Alexandra Hájková <alexandra@khirnov.net> Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Diffstat (limited to 'libavformat/asfdec.c')
-rw-r--r--libavformat/asfdec.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c
index aef61bbdd4..cbab9a2dd6 100644
--- a/libavformat/asfdec.c
+++ b/libavformat/asfdec.c
@@ -190,8 +190,13 @@ static int asf_read_unknown(AVFormatContext *s, const GUIDParseTable *g)
if ((ret = detect_unknown_subobject(s, asf->unknown_offset,
asf->unknown_size)) < 0)
return ret;
- } else
+ } else {
+ if (size < 24) {
+ av_log(s, AV_LOG_ERROR, "Too small size %"PRIu64" (< 24).\n", size);
+ return AVERROR_INVALIDDATA;
+ }
avio_skip(pb, size - 24);
+ }
return 0;
}