avformat/wtvdec: Skip too big tags

get_tag() is not designed with negative length in mind; in this case, it will allocate a very small buffer (LEN_PRETTY_GUID + 1) and might call avio_get_str16le() with a negative maxlen (which relies on these parameters to be signed). Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
author: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> 2023-09-12 11:36:01 +0200
committer: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> 2023-09-12 23:34:54 +0200
commit: 197f7e914bc2a7113388156df5b0e617a4a3ba32 (patch)
tree: 089cb8f37c6fff48701c01a1c887e09beca3b512 /libavformat/wtvdec.c
parent: c461ee39f941a9d50dbbec9a704d8c739912dcdb (diff)
download: ffmpeg-197f7e914bc2a7113388156df5b0e617a4a3ba32.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/wtvdec.c b/libavformat/wtvdec.c
index 1103f5ba03..2de6dc2103 100644
--- a/libavformat/wtvdec.c
+++ b/libavformat/wtvdec.c
@@ -539,7 +539,7 @@ static void parse_legacy_attrib(AVFormatContext *s, AVIOContext *pb)
         ff_get_guid(pb, &guid);
         type   = avio_rl32(pb);
         length = avio_rl32(pb);
-        if (!length)
+        if (length <= 0)
             break;
         if (ff_guidcmp(&guid, ff_metadata_guid)) {
             av_log(s, AV_LOG_WARNING, "unknown guid "FF_PRI_GUID", expected metadata_guid; "
author	Andreas Rheinhardt <andreas.rheinhardt@outlook.com>	2023-09-12 11:36:01 +0200
committer	Andreas Rheinhardt <andreas.rheinhardt@outlook.com>	2023-09-12 23:34:54 +0200
commit	197f7e914bc2a7113388156df5b0e617a4a3ba32 (patch)
tree	089cb8f37c6fff48701c01a1c887e09beca3b512 /libavformat/wtvdec.c
parent	c461ee39f941a9d50dbbec9a704d8c739912dcdb (diff)
download	ffmpeg-197f7e914bc2a7113388156df5b0e617a4a3ba32.tar.gz