ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinha...@gmail.com> | Tue Jun 23 14:05:17 2020 +0200| [2f687bc83e87cd289fafcebd026fe7f586f86332] | committer: Andreas Rheinhardt
avformat/smacker: Check audio frame size The first four bytes of smacker audio are supposed to contain the number of samples, so treat audio frames smaller than that as invalid. Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@gmail.com> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2f687bc83e87cd289fafcebd026fe7f586f86332 --- libavformat/smacker.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavformat/smacker.c b/libavformat/smacker.c index 787c5d8972..c803ecbec9 100644 --- a/libavformat/smacker.c +++ b/libavformat/smacker.c @@ -307,14 +307,14 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) if(flags & 1) { uint32_t size; - size = avio_rl32(s->pb) - 4; - if (!size || size + 4LL > frame_size) { + size = avio_rl32(s->pb); + if ((int)size < 8 || size > frame_size) { av_log(s, AV_LOG_ERROR, "Invalid audio part size\n"); ret = AVERROR_INVALIDDATA; goto next_frame; } frame_size -= size; - frame_size -= 4; + size -= 4; if ((ret = av_reallocp(&smk->bufs[smk->curstream], size)) < 0) { smk->buf_sizes[smk->curstream] = 0; goto next_frame; _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
