On Sat, Feb 7, 2015 at 8:14 AM, Luca Barbato <[email protected]> wrote: > Bug-Id: CID 1258461 > CC: [email protected] > --- > libavformat/siff.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/libavformat/siff.c b/libavformat/siff.c > index cf71514..79bfe7e 100644 > --- a/libavformat/siff.c > +++ b/libavformat/siff.c > @@ -202,6 +202,8 @@ static int siff_read_packet(AVFormatContext *s, AVPacket > *pkt) > avio_read(s->pb, c->gmc, c->gmcsize); > c->sndsize = (c->flags & VB_HAS_AUDIO) ? avio_rl32(s->pb) : 0; > c->curstrm = !!(c->flags & VB_HAS_AUDIO); > + if (c->pktsize < c->sndsize || c->sndsize < 4) > + return AVERROR_INVALIDDATA; > } > > if (!c->curstrm) { > -- > 1.9.0 >
probably ok -- Vittorio _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
