aboutsummaryrefslogtreecommitdiffstats
path: root/libavformat
diff options
context:
space:
mode:
authorAndreas Rheinhardt <andreas.rheinhardt@gmail.com>2019-07-06 18:59:22 +0200
committerJames Almer <jamrial@gmail.com>2019-07-06 14:48:54 -0300
commiteb33be188d2acb99e8f0f6a5cb45c931ed947cd0 (patch)
tree7b5ac2343569c2f00f76bf3a630cfc4f7b8228d3 /libavformat
parentb9a6106842d0e6e65a040fd20d5e8a66350617c5 (diff)
downloadffmpeg-eb33be188d2acb99e8f0f6a5cb45c931ed947cd0.tar.gz
matroskadec: Fix overflow introduced in a569a7b3
This commit fixes an overflow introduced in a569a7b3 that affected EBML elements that the Matroska demuxer doesn't want to parse like CRC-32 elements. The return value of avio_skip (the new position on success or an AVERROR on failure) has been assigned to an integer which meant that new positions in the range of 2GB to 4GB-1 etc. were considered errors. Fixes ticket #8001. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>
Diffstat (limited to 'libavformat')
-rw-r--r--libavformat/matroskadec.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index bc73bfed11..4d7076fa26 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1259,12 +1259,13 @@ static int ebml_parse_elem(MatroskaDemuxContext *matroska,
return 1;
default:
if (length) {
+ int64_t res2;
if (ffio_limit(pb, length) != length) {
// ffio_limit emits its own error message,
// so we don't have to.
return AVERROR(EIO);
}
- if ((res = avio_skip(pb, length - 1)) >= 0) {
+ if ((res2 = avio_skip(pb, length - 1)) >= 0) {
// avio_skip might take us past EOF. We check for this
// by skipping only length - 1 bytes, reading a byte and
// checking the error flags. This is done in order to check
@@ -1272,7 +1273,8 @@ static int ebml_parse_elem(MatroskaDemuxContext *matroska,
// no filesize (that ffio_limit relies on) is available.
avio_r8(pb);
res = NEEDS_CHECKING;
- }
+ } else
+ res = res2;
} else
res = 0;
}