On Fri, 19 Apr 2013 23:37:43 +0200, Luca Barbato <[email protected]> wrote: > Incomplete crypted files would lead to a read after buffer boundary > otherwise. > > Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind > CC: [email protected] > --- > libavformat/omadec.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/libavformat/omadec.c b/libavformat/omadec.c > index 0a8bf9f..945ff9e 100644 > --- a/libavformat/omadec.c > +++ b/libavformat/omadec.c > @@ -401,6 +401,9 @@ static int oma_read_packet(AVFormatContext *s, AVPacket > *pkt) > int packet_size = s->streams[0]->codec->block_align; > int ret = av_get_packet(s->pb, pkt, packet_size); > > + if (ret < packet_size) > + pkt->flags |= AV_PKT_FLAG_CORRUPT; > + > if (ret <= 0) > return AVERROR(EIO); > > @@ -410,7 +413,7 @@ static int oma_read_packet(AVFormatContext *s, AVPacket > *pkt) > /* previous unencrypted block saved in IV for > * the next packet (CBC mode) */ > av_des_crypt(&oc->av_des, pkt->data, pkt->data, > - (packet_size >> 3), oc->iv, 1); > + (ret >> 3), oc->iv, 1); > } > > return ret; > -- > 1.8.1.5 >
Won't decrypting incomplete blocks lead to complete garbage? -- Anton Khirnov _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
