Module: libav Branch: master Commit: 29fa570d0c74c59a4a970f5ade9fbd126314cbd9
Author: Uoti Urpala <[email protected]> Committer: Reinhard Tartler <[email protected]> Date: Thu May 12 10:20:27 2011 -0400 asfdec: fix possible overread on broken files. --- libavformat/asfdec.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c index e9a3995..ed02d40 100644 --- a/libavformat/asfdec.c +++ b/libavformat/asfdec.c @@ -852,7 +852,10 @@ static int asf_read_frame_header(AVFormatContext *s, AVIOContext *pb){ } if (asf->packet_flags & 0x01) { DO_2BITS(asf->packet_segsizetype >> 6, asf->packet_frag_size, 0); // 0 is illegal - if(asf->packet_frag_size > asf->packet_size_left - rsize){ + if (rsize > asf->packet_size_left) { + av_log(s, AV_LOG_ERROR, "packet_replic_size is invalid\n"); + return -1; + } else if(asf->packet_frag_size > asf->packet_size_left - rsize){ if (asf->packet_frag_size > asf->packet_size_left - rsize + asf->packet_padsize) { av_log(s, AV_LOG_ERROR, "packet_frag_size is invalid (%d-%d)\n", asf->packet_size_left, rsize); return -1; _______________________________________________ libav-commits mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-commits
