eessppeelllloo/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-12-16 12:00:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

omadec: Properly check lengths before incrementing the position

Browse Source 
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 342c43d154)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 9eba02d5dd)
This commit is contained in:
Martin Storsjö
2013-09-11 14:54:05 +03:00
committed by Luca Barbato
parent 9291012d52
commit 7981b5c20e
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
libavformat/omadec.c
View File

@@ -170,7 +170,11 @@ static int nprobe(AVFormatContext *s, uint8_t *enc_header, unsigned size,
taglen = AV_RB32(&enc_header[pos+32]);
datalen = AV_RB32(&enc_header[pos+36]) >> 4;
pos += 44 + taglen;
pos += 44;
if (size - pos < taglen)
return -1;
pos += taglen;
if (datalen << 4 > size - pos)
return -1;