oma: correctly mark and decrypt partial packets

Incomplete crypted files would lead to a read after buffer boundary
otherwise.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

1 files changed, 8 insertions, 2 deletions

diff --git a/libavformat/omadec.c b/libavformat/omadec.c
index 5bfaea5cf0..1d7fc91819 100644
--- a/libavformat/omadec.c
+++ b/libavformat/omadec.c
@@ -405,6 +405,9 @@ static int oma_read_packet(AVFormatContext *s, AVPacket *pkt)
     int packet_size = s->streams[0]->codec->block_align;
     int ret = av_get_packet(s->pb, pkt, packet_size);
 
+    if (ret < packet_size)
+        pkt->flags |= AV_PKT_FLAG_CORRUPT;
+
     if (ret < 0)
         return ret;
     if (!ret)
@@ -415,8 +418,11 @@ static int oma_read_packet(AVFormatContext *s, AVPacket *pkt)
     if (oc->encrypted) {
         /* previous unencrypted block saved in IV for
          * the next packet (CBC mode) */
-        av_des_crypt(&oc->av_des, pkt->data, pkt->data,
-                     (packet_size >> 3), oc->iv, 1);
+        if (ret == packet_size)
+            av_des_crypt(&oc->av_des, pkt->data, pkt->data,
+                         (packet_size >> 3), oc->iv, 1);
+        else
+            memset(oc->iv, 0, 8);
     }
 
     return ret;