On Sat, 27 Apr 2013 11:38:10 +0200, Luca Barbato <[email protected]> wrote: > Incomplete crypted files would lead to a read after buffer boundary > otherwise. > > Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind > CC: [email protected] > --- > > This version should work better in the case we the patial packet > isn't caused by an end of file. > > libavformat/omadec.c | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) > > diff --git a/libavformat/omadec.c b/libavformat/omadec.c > index b05a7d5..87d2576 100644 > --- a/libavformat/omadec.c > +++ b/libavformat/omadec.c > @@ -402,6 +402,9 @@ static int oma_read_packet(AVFormatContext *s, AVPacket > *pkt) > int packet_size = s->streams[0]->codec->block_align; > int ret = av_get_packet(s->pb, pkt, packet_size); > > + if (ret < packet_size) > + pkt->flags |= AV_PKT_FLAG_CORRUPT; > + > if (ret <= 0) > return AVERROR(EIO); > > @@ -410,8 +413,11 @@ static int oma_read_packet(AVFormatContext *s, AVPacket > *pkt) > if (oc->encrypted) { > /* previous unencrypted block saved in IV for > * the next packet (CBC mode) */ > - av_des_crypt(&oc->av_des, pkt->data, pkt->data, > - (packet_size >> 3), oc->iv, 1); > + if (ret == packet_size) > + av_des_crypt(&oc->av_des, pkt->data, pkt->data, > + (packet_size >> 3), oc->iv, 1); > + else > + memset(oc->iv, 0, 8);
s/8/sizeof(oc->iv) Also I think an error message would be appropriate here. -- Anton Khirnov _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
