[FFmpeg-devel] [PATCH] lavc/movtextdec.c: Avoid infinite loop on invalid data.
Signed-off-by: Sasi Inguva
---
libavcodec/movtextdec.c | 4
1 file changed, 4 insertions(+)
diff --git a/libavcodec/movtextdec.c b/libavcodec/movtextdec.c
index abf8711..a33fff7 100644
--- a/libavcodec/movtextdec.c
+++ b/libavcodec/movtextdec.c
@@ -471,6 +471,10 @@ static int mov_text_decode_frame(AVCodecContext *avctx,
tsmb_type = AV_RB32(tsmb);
tsmb += 4;
+if (tsmb_size == 0) {
+ return AVERROR_INVALIDDATA;
+}
+
if (tsmb_size == 1) {
if (m->tracksize + 16 > avpkt->size)
break;
--
2.8.0.rc3.226.g39d4020
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] lavc/movtextdec.c: Avoid infinite loop on invalid data.
On Tue, 27 Sep 2016 19:23:20 -0700
Sasi Inguva wrote:
> Signed-off-by: Sasi Inguva
> ---
> libavcodec/movtextdec.c | 4
> 1 file changed, 4 insertions(+)
>
> diff --git a/libavcodec/movtextdec.c b/libavcodec/movtextdec.c
> index abf8711..a33fff7 100644
> --- a/libavcodec/movtextdec.c
> +++ b/libavcodec/movtextdec.c
> @@ -471,6 +471,10 @@ static int mov_text_decode_frame(AVCodecContext
> *avctx, tsmb_type = AV_RB32(tsmb);
> tsmb += 4;
>
> +if (tsmb_size == 0) {
> + return AVERROR_INVALIDDATA;
> +}
> +
> if (tsmb_size == 1) {
> if (m->tracksize + 16 > avpkt->size)
> break;
Pushed. Thanks.
--phil
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
