[SCM] libav/experimental: matroskadec: Fix a buffer overread

siretart at users.alioth.debian.org siretart at users.alioth.debian.org
Sun Jun 30 17:03:18 UTC 2013


The following commit has been merged in the experimental branch:
commit e48f7ff3cb73fbaba0f5b8d442dc5909f705c863
Author: David Conrad <lessen42 at gmail.com>
Date:   Sun Mar 7 02:26:30 2010 +0000

    matroskadec: Fix a buffer overread
    
    Originally committed as revision 22271 to svn://svn.ffmpeg.org/ffmpeg/trunk

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 84d06c7..5ae1fde 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1676,6 +1676,11 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data,
                 int offset = 0, pkt_size = lace_size[n];
                 uint8_t *pkt_data = data;
 
+                if (lace_size[n] > size) {
+                    av_log(matroska->ctx, AV_LOG_ERROR, "Invalid packet size\n");
+                    break;
+                }
+
                 if (encodings && encodings->scope & 1) {
                     offset = matroska_decode_buffer(&pkt_data,&pkt_size, track);
                     if (offset < 0)
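Review bot: The new bound is enforced only inside this inner block, while the second hunk's `size -= lace_size[n]` sits one indent level out at the loop tail, so any sibling branch of the loop that reads from `data` (none is visible in either hunk) would advance and decrement without having been checked. If `size` is a signed int and `lace_size[]` is unsigned, which the hunks do not show, a `size` driven negative that way converts to a large unsigned value in `lace_size[n] > size`, and the check passes on the next lace. Hoisting the test to the top of the loop body and making the sign explicit, e.g. `if (size < 0 || lace_size[n] > (unsigned)size) {`, would keep the remaining-bytes invariant for every branch. The `break` only logs; whether matroska_parse_block then returns an error to its caller is outside the hunk and worth confirming, since both the loop and the function extend beyond it.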
@@ -1727,6 +1732,7 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data,
             if (timecode != AV_NOPTS_VALUE)
                 timecode = duration ? timecode + duration : AV_NOPTS_VALUE;
             data += lace_size[n];
+            size -= lace_size[n];
         }
     }
 

-- 
Libav/FFmpeg packaging


