aboutsummaryrefslogtreecommitdiffstats
path: root/libavformat
diff options
context:
space:
mode:
authorPaul B Mahol <onemda@gmail.com>2012-10-26 14:01:51 +0000
committerPaul B Mahol <onemda@gmail.com>2012-10-28 20:33:29 +0000
commitc2e2b3029e7f6d81dc2e0dae82b92f05c03c376b (patch)
tree568fa4d801baef7eb3d09d4706ebb235a8dd3b99 /libavformat
parent3d6a246b4b92aca9e2a3992c54e45eb501f4de2f (diff)
downloadffmpeg-c2e2b3029e7f6d81dc2e0dae82b92f05c03c376b.tar.gz
cafdec: fix parsing of chunks which may have unused data
Specification mentions 'strg', 'mark', 'regn', 'info', .. chunks to have data section size larger than chunk's current meaningful content in order to reserve room for additional data. Signed-off-by: Paul B Mahol <onemda@gmail.com>
Diffstat (limited to 'libavformat')
-rw-r--r--libavformat/cafdec.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c
index a576dac07e..f166804795 100644
--- a/libavformat/cafdec.c
+++ b/libavformat/cafdec.c
@@ -225,7 +225,7 @@ static int read_header(AVFormatContext *s)
AVStream *st;
uint32_t tag = 0;
int found_data, ret;
- int64_t size;
+ int64_t size, pos;
avio_skip(pb, 8); /* magic, version, file flags */
@@ -254,6 +254,7 @@ static int read_header(AVFormatContext *s)
tag = avio_rb32(pb);
size = avio_rb64(pb);
+ pos = avio_tell(pb);
if (url_feof(pb))
break;
@@ -296,9 +297,14 @@ static int read_header(AVFormatContext *s)
case MKBETAG('f','r','e','e'):
if (size < 0)
return AVERROR_INVALIDDATA;
- avio_skip(pb, size);
break;
}
+
+ if (size > 0) {
+ if (pos + size < pos)
+ return AVERROR_INVALIDDATA;
+ avio_skip(pb, FFMAX(0, pos + size - avio_tell(pb)));
+ }
}
if (!found_data)