aboutsummaryrefslogtreecommitdiffstats
path: root/libavformat
diff options
context:
space:
mode:
authorAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>2016-01-06 19:21:49 +0100
committerAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>2016-01-15 00:40:21 +0100
commitc29e87ad55a2be29cc8ac5c0e047512c1f5d34d4 (patch)
tree4b3e6253744f9c7f29cf6b179e12987613cb686c /libavformat
parent0e32153e9c296366e004352ecb3f9fcea74dc17d (diff)
downloadffmpeg-c29e87ad55a2be29cc8ac5c0e047512c1f5d34d4.tar.gz
asfdec_o: check for too small size in asf_read_unknown
This fixes infinite loops due to seeking back. Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Diffstat (limited to 'libavformat')
-rw-r--r--libavformat/asfdec_o.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/libavformat/asfdec_o.c b/libavformat/asfdec_o.c
index ca4a06652e..bc79f1016e 100644
--- a/libavformat/asfdec_o.c
+++ b/libavformat/asfdec_o.c
@@ -190,8 +190,13 @@ static int asf_read_unknown(AVFormatContext *s, const GUIDParseTable *g)
if ((ret = detect_unknown_subobject(s, asf->unknown_offset,
asf->unknown_size)) < 0)
return ret;
- } else
+ } else {
+ if (size < 24) {
+ av_log(s, AV_LOG_ERROR, "Too small size %"PRIu64" (< 24).\n", size);
+ return AVERROR_INVALIDDATA;
+ }
avio_skip(pb, size - 24);
+ }
return 0;
}