sön 2018-06-10 klockan 12:36 +0200 skrev Marton Balint:
>
> Signed-off-by: Marton Balint <c...@passwd.hu>
> ---
> libavformat/mxf.h | 1 +
> libavformat/mxfdec.c | 13 ++++++++-----
> 2 files changed, 9 insertions(+), 5 deletions(-)
>
> diff --git a/libavformat/mxf.h b/libavformat/mxf.h
> index 19f8d8a9f5..93bc2cd075 100644
> --- a/libavformat/mxf.h
> +++ b/libavformat/mxf.h
> @@ -62,6 +62,7 @@ typedef struct KLVPacket {
> UID key;
> int64_t offset;
> uint64_t length;
> + int64_t next_klv;
> } KLVPacket;
>
> typedef struct MXFCodecUL {
> diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> index b3d3e237c0..a5c5fb3b8a 100644
> --- a/libavformat/mxfdec.c
> +++ b/libavformat/mxfdec.c
> @@ -392,7 +392,7 @@ static int mxf_read_sync(AVIOContext *pb, const uint8_t
> *key, unsigned size)
>
> static int klv_read_packet(KLVPacket *klv, AVIOContext *pb)
> {
> - int64_t length;
> + int64_t length, pos;
> if (!mxf_read_sync(pb, mxf_klv_key, 4))
> return AVERROR_INVALIDDATA;
> klv->offset = avio_tell(pb) - 4;
> @@ -402,6 +402,10 @@ static int klv_read_packet(KLVPacket *klv, AVIOContext
> *pb)
> if (length < 0)
> return length;
> klv->length = length;
> + pos = avio_tell(pb);
> + if (pos > INT64_MAX - length)
> + return AVERROR_INVALIDDATA;
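Review bot: The `next_klv` member added to `KLVPacket` in the libavformat/mxf.h hunk has no comment saying what it holds or when it is valid, although it is a signed value declared right after the unsigned `length`. Judging from the name and from the `pos`/`length` range check added in the mxfdec.c hunk, it presumably stores the absolute stream offset of the first byte after this packet's value; I would state that at the declaration, for example `int64_t next_klv; /* absolute offset of the KLV following this one; set by klv_read_packet() */`. The assignment is not visible in the quoted part of the patch, so the wording should be confirmed against it. With the meaning and signedness written down, later code that compares against or seeks to this field has a documented range to validate.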
I wonder, can pos be negative? That is, can avio_tell() fail? Else it looks OK /Tomas