diff options
author | Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> | 2016-01-06 19:21:49 +0100 |
---|---|---|
committer | Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> | 2016-01-15 00:40:21 +0100 |
commit | c29e87ad55a2be29cc8ac5c0e047512c1f5d34d4 (patch) | |
tree | 4b3e6253744f9c7f29cf6b179e12987613cb686c /libavformat | |
parent | 0e32153e9c296366e004352ecb3f9fcea74dc17d (diff) | |
download | ffmpeg-c29e87ad55a2be29cc8ac5c0e047512c1f5d34d4.tar.gz |
asfdec_o: check for too small size in asf_read_unknown
This fixes infinite loops due to seeking back.
Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Diffstat (limited to 'libavformat')
-rw-r--r-- | libavformat/asfdec_o.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/libavformat/asfdec_o.c b/libavformat/asfdec_o.c index ca4a06652e..bc79f1016e 100644 --- a/libavformat/asfdec_o.c +++ b/libavformat/asfdec_o.c @@ -190,8 +190,13 @@ static int asf_read_unknown(AVFormatContext *s, const GUIDParseTable *g) if ((ret = detect_unknown_subobject(s, asf->unknown_offset, asf->unknown_size)) < 0) return ret; - } else + } else { + if (size < 24) { + av_log(s, AV_LOG_ERROR, "Too small size %"PRIu64" (< 24).\n", size); + return AVERROR_INVALIDDATA; + } avio_skip(pb, size - 24); + } return 0; } |