Incomplete crypted files would lead to a read after buffer boundary otherwise.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: [email protected] --- libavformat/omadec.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavformat/omadec.c b/libavformat/omadec.c index 0a8bf9f..945ff9e 100644 --- a/libavformat/omadec.c +++ b/libavformat/omadec.c @@ -401,6 +401,9 @@ static int oma_read_packet(AVFormatContext *s, AVPacket *pkt) int packet_size = s->streams[0]->codec->block_align; int ret = av_get_packet(s->pb, pkt, packet_size); + if (ret < packet_size) + pkt->flags |= AV_PKT_FLAG_CORRUPT; + if (ret <= 0) return AVERROR(EIO); @@ -410,7 +413,7 @@ static int oma_read_packet(AVFormatContext *s, AVPacket *pkt) /* previous unencrypted block saved in IV for * the next packet (CBC mode) */ av_des_crypt(&oc->av_des, pkt->data, pkt->data, - (packet_size >> 3), oc->iv, 1); + (ret >> 3), oc->iv, 1); } return ret; -- 1.8.1.5 _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
