Bug-Id: CID 1258461
CC: [email protected]
---
 libavformat/siff.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavformat/siff.c b/libavformat/siff.c
index 8ba7c60..9ef3066 100644
--- a/libavformat/siff.c
+++ b/libavformat/siff.c
@@ -204,6 +204,8 @@ static int siff_read_packet(AVFormatContext *s, AVPacket 
*pkt)
 
         if (!c->curstrm){
             size = c->pktsize - c->sndsize;
+            if (size < 0)
+                return AVERROR_INVALIDDATA;
             if (av_new_packet(pkt, size) < 0)
                 return AVERROR(ENOMEM);
             AV_WL16(pkt->data, c->flags);
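Review bot: A `size` of 0 or 1 still passes the new `size < 0` check, yet the `AV_WL16(pkt->data, c->flags)` two lines later always stores two bytes at the start of the packet. Any padding from av_new_packet() probably absorbs the store, but the packet then declares fewer bytes than the header written into it, and any later `size - 2` style arithmetic outside this hunk would go negative. Rejecting everything below the header size closes that: `if (size < 2) return AVERROR_INVALIDDATA;`. The declarations of `size`, `c->pktsize` and `c->sndsize` are not visible here, so confirm the subtraction is done in a signed type wide enough that a hostile pair of values cannot wrap to a positive result. siff_read_packet's body starts and ends outside the hunk.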
@@ -213,6 +215,8 @@ static int siff_read_packet(AVFormatContext *s, AVPacket 
*pkt)
             pkt->stream_index = 0;
             c->curstrm = -1;
         }else{
+            if (c->sndsize < 4)
+                return AVERROR_INVALIDDATA;
             if ((size = av_get_packet(s->pb, pkt, c->sndsize - 4)) < 0)
                 return AVERROR(EIO);
             pkt->stream_index = 1;
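Review bot: The literal `4` now appears in both the new guard and the `c->sndsize - 4` request with nothing saying what those four bytes are. A short comment above the check, such as `/* sndsize counts a 4-byte field that is not part of the payload (confirm against the format) */`, would make the bound reviewable. The guard also admits `c->sndsize == 4`, which turns the av_get_packet() call into a zero-length read. If an empty audio packet is not meant to reach the caller, use `if (c->sndsize <= 4)`. Since both branches now validate the same header fields at their point of use, a single check where `pktsize` and `sndsize` are parsed (outside this hunk) would cover both paths and keep bad values out of the context struct.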
-- 
1.9.0
