Incomplete crypted files would lead to a read after buffer boundary otherwise.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: [email protected] --- This version should work better in the case we the patial packet isn't caused by an end of file. libavformat/omadec.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/libavformat/omadec.c b/libavformat/omadec.c index b05a7d5..87d2576 100644 --- a/libavformat/omadec.c +++ b/libavformat/omadec.c @@ -402,6 +402,9 @@ static int oma_read_packet(AVFormatContext *s, AVPacket *pkt) int packet_size = s->streams[0]->codec->block_align; int ret = av_get_packet(s->pb, pkt, packet_size); + if (ret < packet_size) + pkt->flags |= AV_PKT_FLAG_CORRUPT; + if (ret <= 0) return AVERROR(EIO); @@ -410,8 +413,11 @@ static int oma_read_packet(AVFormatContext *s, AVPacket *pkt) if (oc->encrypted) { /* previous unencrypted block saved in IV for * the next packet (CBC mode) */ - av_des_crypt(&oc->av_des, pkt->data, pkt->data, - (packet_size >> 3), oc->iv, 1); + if (ret == packet_size) + av_des_crypt(&oc->av_des, pkt->data, pkt->data, + (packet_size >> 3), oc->iv, 1); + else + memset(oc->iv, 0, 8); } return ret; -- 1.8.1.5 _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
