Module: libav Branch: master Commit: bf50607ab76157ba251a01f5baa5cf67b23b2ee9
Author: Andreas Cadhalpun <[email protected]> Committer: Luca Barbato <[email protected]> Date: Wed Jan 6 20:59:58 2016 +0100 asfdec: check for too small size in asf_read_unknown This fixes infinite loops due to seeking back. Signed-off-by: Alexandra Hájková <[email protected]> Signed-off-by: Luca Barbato <[email protected]> --- libavformat/asfdec.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c index aef61bb..cbab9a2 100644 --- a/libavformat/asfdec.c +++ b/libavformat/asfdec.c @@ -190,8 +190,13 @@ static int asf_read_unknown(AVFormatContext *s, const GUIDParseTable *g) if ((ret = detect_unknown_subobject(s, asf->unknown_offset, asf->unknown_size)) < 0) return ret; - } else + } else { + if (size < 24) { + av_log(s, AV_LOG_ERROR, "Too small size %"PRIu64" (< 24).\n", size); + return AVERROR_INVALIDDATA; + } avio_skip(pb, size - 24); + } return 0; } _______________________________________________ libav-commits mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-commits
