eessppeelllloo/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-12-14 19:10:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

ea: check chunk_size for validity.

Browse Source 
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 273e6af47b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 6a86b705e1d4b72f0dddfbe23ad3eed9947001d5)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This commit is contained in:
Ronald S. Bultje
2012-05-04 16:06:26 -07:00
committed by Reinhard Tartler
parent 269dbc5359
commit 50336dc4f1
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
libavformat/electronicarts.c
View File

@@ -468,12 +468,17 @@ static int ea_read_packet(AVFormatContext *s,
while (!packet_read) { while (!packet_read) {
chunk_type = avio_rl32(pb); chunk_type = avio_rl32(pb);
chunk_size = (ea->big_endian ? avio_rb32(pb) : avio_rl32(pb)) - 8; chunk_size = ea->big_endian ? avio_rb32(pb) : avio_rl32(pb);
if (chunk_size <= 8)
return AVERROR_INVALIDDATA;
chunk_size -= 8;
switch (chunk_type) { switch (chunk_type) {
/* audio data */ /* audio data */
case ISNh_TAG: case ISNh_TAG:
/* header chunk also contains data; skip over the header portion*/ /* header chunk also contains data; skip over the header portion*/
if (chunk_size < 32)
return AVERROR_INVALIDDATA;
avio_skip(pb, 32); avio_skip(pb, 32);
chunk_size -= 32; chunk_size -= 32;
case ISNd_TAG: case ISNd_TAG: