[SCM] libav/experimental: stop parsing if tag size is wrongly < 8 to avoid infinite loop

siretart at users.alioth.debian.org
Sun Jun 30 16:30:28 UTC 2013


The following commit has been merged in the experimental branch:
commit 4e240985d8b856e62e4e0377283138cf51cc398e
Author: Baptiste Coudurier <baptiste.coudurier at gmail.com>
Date:   Wed Sep 24 18:55:00 2008 +0000

    stop parsing if tag size is wrongly < 8 to avoid infinite loop
    
    Originally committed as revision 15401 to svn://svn.ffmpeg.org/ffmpeg/trunk

diff --git a/libavformat/mov.c b/libavformat/mov.c
index aec9a9d..c853012 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1379,7 +1379,7 @@ static int mov_read_udta(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
         uint32_t tag      = get_le32(pb);
         uint64_t next     = url_ftell(pb) + tag_size - 8;
 
-        if (next > end) // stop if tag_size is wrong
+        if (tag_size < 8 || next > end) // stop if tag_size is wrong
             break;
 
         switch (tag) {
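
Review bot: In `if (tag_size < 8 || next > end)`, the new test runs only after `next` has already been derived from the unvalidated `tag_size` on the line above. For `tag_size < 8` the expression `url_ftell(pb) + tag_size - 8` still produces a position before the current read offset, or a wrapped value, depending on the type of `tag_size`, which is not visible in this hunk. This is harmless as written because `next` is not used before the `break`, but validating `tag_size` before computing `next` would keep the bad value from ever existing and would survive later refactoring. The constant 8 now appears twice with no explanation. The comment could say that it is presumably the number of header bytes already read for the tag, which is why a smaller size can never move the parser forward. A log message before the `break` would also make the early stop on a malformed file visible to the caller.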

-- 
Libav/FFmpeg packaging


