diff options
author | Andreas Rheinhardt <andreas.rheinhardt@gmail.com> | 2019-07-06 18:59:22 +0200 |
---|---|---|
committer | James Almer <jamrial@gmail.com> | 2019-07-06 14:48:54 -0300 |
commit | eb33be188d2acb99e8f0f6a5cb45c931ed947cd0 (patch) | |
tree | 7b5ac2343569c2f00f76bf3a630cfc4f7b8228d3 /libavformat | |
parent | b9a6106842d0e6e65a040fd20d5e8a66350617c5 (diff) | |
download | ffmpeg-eb33be188d2acb99e8f0f6a5cb45c931ed947cd0.tar.gz |
matroskadec: Fix overflow introduced in a569a7b3
This commit fixes an overflow introduced in a569a7b3 that affected EBML
elements that the Matroska demuxer doesn't want to parse like CRC-32
elements. The return value of avio_skip (the new position on success or
an AVERROR on failure) has been assigned to an integer which meant that
new positions in the range of 2GB to 4GB-1 etc. were considered errors.
Fixes ticket #8001.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
Diffstat (limited to 'libavformat')
-rw-r--r-- | libavformat/matroskadec.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index bc73bfed11..4d7076fa26 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1259,12 +1259,13 @@ static int ebml_parse_elem(MatroskaDemuxContext *matroska, return 1; default: if (length) { + int64_t res2; if (ffio_limit(pb, length) != length) { // ffio_limit emits its own error message, // so we don't have to. return AVERROR(EIO); } - if ((res = avio_skip(pb, length - 1)) >= 0) { + if ((res2 = avio_skip(pb, length - 1)) >= 0) { // avio_skip might take us past EOF. We check for this // by skipping only length - 1 bytes, reading a byte and // checking the error flags. This is done in order to check @@ -1272,7 +1273,8 @@ static int ebml_parse_elem(MatroskaDemuxContext *matroska, // no filesize (that ffio_limit relies on) is available. avio_r8(pb); res = NEEDS_CHECKING; - } + } else + res = res2; } else res = 0; } |