Incomplete crypted files would lead to a read after buffer boundary otherwise.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: [email protected] --- libavformat/omadec.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/libavformat/omadec.c b/libavformat/omadec.c index 7c6c614..00f2a59 100644 --- a/libavformat/omadec.c +++ b/libavformat/omadec.c @@ -405,6 +405,9 @@ static int oma_read_packet(AVFormatContext *s, AVPacket *pkt) int packet_size = s->streams[0]->codec->block_align; int ret = av_get_packet(s->pb, pkt, packet_size); + if (ret < packet_size) + pkt->flags |= AV_PKT_FLAG_CORRUPT; + if (ret <= 0) return AVERROR(EIO); @@ -413,8 +416,11 @@ static int oma_read_packet(AVFormatContext *s, AVPacket *pkt) if (oc->encrypted) { /* previous unencrypted block saved in IV for * the next packet (CBC mode) */ - av_des_crypt(&oc->av_des, pkt->data, pkt->data, - (packet_size >> 3), oc->iv, 1); + if (ret == packet_size) + av_des_crypt(&oc->av_des, pkt->data, pkt->data, + (packet_size >> 3), oc->iv, 1); + else + memset(oc->iv, 0, 8); } return ret; -- 1.8.1.5 _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
