On Thu, May 12, 2011 at 10:20:27AM -0400, Ronald S. Bultje wrote:
> From: Uoti Urpala <[email protected]>
>
> ---
> libavformat/asfdec.c | 5 ++++-
> 1 files changed, 4 insertions(+), 1 deletions(-)
>
> diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c
> index 77c8449..3dc104e 100644
> --- a/libavformat/asfdec.c
> +++ b/libavformat/asfdec.c
> @@ -852,7 +852,10 @@ static int asf_read_frame_header(AVFormatContext *s,
> AVIOContext *pb){
> }
> if (asf->packet_flags & 0x01) {
> DO_2BITS(asf->packet_segsizetype >> 6, asf->packet_frag_size, 0); //
> 0 is illegal
> - if(asf->packet_frag_size > asf->packet_size_left - rsize){
> + if (rsize > asf->packet_size_left) {
> + av_log(s, AV_LOG_ERROR, "packet_replic_size is invalid\n");
> + return -1;
> + } else if(asf->packet_frag_size > asf->packet_size_left - rsize){
> if (asf->packet_frag_size > asf->packet_size_left - rsize +
> asf->packet_padsize) {
> av_log(s, AV_LOG_ERROR, "packet_frag_size is invalid
> (%d-%d)\n", asf->packet_size_left, rsize);
> return -1;
Tested that testsuite and fate still work
Queued locally
regards,
Reinhard
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
