Author: spyfeng
Date: Sun Apr 25 08:01:03 2010
New Revision: 5774

Log:
check mms->asf_packet_len <=0 and return failure value.

Modified:
   mms/mmst.c

Modified: mms/mmst.c
==============================================================================
--- mms/mmst.c  Tue Apr 20 17:50:20 2010        (r5773)
+++ mms/mmst.c  Sun Apr 25 08:01:03 2010        (r5774)
@@ -409,9 +409,10 @@ static int asf_header_parser(MMSContext 
             /* read packet size */
             if (end - p > sizeof(ff_asf_guid) * 2 + 68) {
                 mms->asf_packet_len = AV_RL32(p + sizeof(ff_asf_guid) * 2 + 
64);
-                if (mms->asf_packet_len > sizeof(mms->in_buffer)) {
+                if (mms->asf_packet_len <= 0 || mms->asf_packet_len > 
sizeof(mms->in_buffer)) {
                     dprintf(NULL,"Too large packet len:%d"
                         " may overwrite in_buffer when padding", 
mms->asf_packet_len);
+                    return -1;
                 }
             }
         } else if (!memcmp(p, ff_asf_stream_header, sizeof(ff_asf_guid))) {
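Review bot: The new `return -1` only takes effect when the packet-size field is present. When `end - p > sizeof(ff_asf_guid) * 2 + 68` is false, the field is skipped and parsing continues with whatever `mms->asf_packet_len` already held, so a truncated header object may never reach this bound unless a later check (not visible in this hunk) rejects it. If there is no such check, adding `} else { return -1; }` to the outer `if` would close that path. Separately, the rejected branch still logs "Too large packet len" although it now also fires for zero and negative values; a wording such as `"Invalid packet len:%d"` would be less misleading when triaging a malformed stream. asf_header_parser starts and continues outside the hunk.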