Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: [email protected]
---
libavformat/matroskadec.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index e8ef81f..dc32fd1 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1622,6 +1622,10 @@ static int matroska_read_header(AVFormatContext *s)
track->audio.sub_packet_h = avio_rb16(&b);
track->audio.frame_size = avio_rb16(&b);
track->audio.sub_packet_size = avio_rb16(&b);
+ if (flavor <= 0 || track->audio.coded_framesize <= 0 ||
+ track->audio.sub_packet_h <= 0 || track->audio.frame_size <= 0
||
+ track->audio.sub_packet_size <= 0)
+ return AVERROR_INVALIDDATA;
track->audio.buf = av_malloc(track->audio.frame_size *
track->audio.sub_packet_h);
if (codec_id == AV_CODEC_ID_RA_288) {
st->codec->block_align = track->audio.coded_framesize;
--
1.7.9.4
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
