From: "Ronald S. Bultje" <[email protected]>
They cause various issues further down in demuxing.
---
libavformat/asfdec.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c
index 2922ecf..01411fa 100644
--- a/libavformat/asfdec.c
+++ b/libavformat/asfdec.c
@@ -202,6 +202,8 @@ static int asf_read_file_properties(AVFormatContext *s,
int64_t size)
asf->hdr.flags = avio_rl32(pb);
asf->hdr.min_pktsize = avio_rl32(pb);
asf->hdr.max_pktsize = avio_rl32(pb);
+ if (asf->hdr.min_pktsize >= (1U<<29))
+ return AVERROR_INVALIDDATA;
asf->hdr.max_bitrate = avio_rl32(pb);
s->packet_size = asf->hdr.max_pktsize;
@@ -616,7 +618,9 @@ static int asf_read_header(AVFormatContext *s)
if (gsize < 24)
return -1;
if (!ff_guidcmp(&g, &ff_asf_file_header)) {
- asf_read_file_properties(s, gsize);
+ int ret = asf_read_file_properties(s, gsize);
+ if (ret < 0)
+ return ret;
} else if (!ff_guidcmp(&g, &ff_asf_stream_header)) {
asf_read_stream_properties(s, gsize);
} else if (!ff_guidcmp(&g, &ff_asf_comment_header)) {
--
1.7.7.4
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
