Re: [FFmpeg-devel] [PATCH] avcodec/cfhd: Check the number of tag/value pairs

2016-02-11 Thread Michael Niedermayer
On Fri, Feb 12, 2016 at 12:01:16AM +, Kieran Kunhya wrote:
> On Thu, 11 Feb 2016 at 21:12 Michael Niedermayer 
> wrote:
> 
> > Fixes potentially long loop
> > Fixes: CID1351382/11
> >
> > Signed-off-by: Michael Niedermayer 
> > ---
> >  libavcodec/cfhd.c |5 +
> >  1 file changed, 5 insertions(+)
> >
> > diff --git a/libavcodec/cfhd.c b/libavcodec/cfhd.c
> > index 2436aae..5ecfcef 100644
> > --- a/libavcodec/cfhd.c
> > +++ b/libavcodec/cfhd.c
> > @@ -344,6 +344,11 @@ static int cfhd_decode(AVCodecContext *avctx, void
> > *data, int *got_frame,
> >  break;
> >  } else if (tag == 2) {
> >  av_log(avctx, AV_LOG_DEBUG, "tag=2 header - skipping %i
> > tag/value pairs\n", data);
> > +if (data > bytestream2_get_bytes_left() / 4) {
> > +av_log(avctx, AV_LOG_ERROR, "too many tag/value pairs
> > (%d)\n", data);
> > +ret = AVERROR_INVALIDDATA;
> > +break;
> > +}
> >  for (i = 0; i < data; i++) {
> >  uint16_t tag2 = bytestream2_get_be16();
> >  uint16_t val2 = bytestream2_get_be16();
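
Review bot: the error path in the added `if` block sets `ret = AVERROR_INVALIDDATA` and then uses `break`, which only leaves the enclosing tag-parsing loop; nothing in the visible lines shows that `ret` is tested before decoding continues after that loop. If the post-loop code does not bail out on a negative `ret`, return the error directly from this branch instead of breaking, or state in the commit message that the existing post-loop path already propagates it.
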
> > --
> > 1.7.9.5
> >
> > ___
> > ffmpeg-devel mailing list
> > ffmpeg-devel@ffmpeg.org
> > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> 
> 
> Ok

applied

thanks

[...]
-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I know you won't believe me, but the highest form of Human Excellence is
to question oneself and others. -- Socrates




[FFmpeg-devel] [PATCH] avcodec/cfhd: Check the number of tag/value pairs

2016-02-11 Thread Michael Niedermayer
Fixes potentially long loop
Fixes: CID1351382/11

Signed-off-by: Michael Niedermayer 
---
 libavcodec/cfhd.c |5 +
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/cfhd.c b/libavcodec/cfhd.c
index 2436aae..5ecfcef 100644
--- a/libavcodec/cfhd.c
+++ b/libavcodec/cfhd.c
@@ -344,6 +344,11 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, 
int *got_frame,
 break;
 } else if (tag == 2) {
 av_log(avctx, AV_LOG_DEBUG, "tag=2 header - skipping %i tag/value 
pairs\n", data);
+if (data > bytestream2_get_bytes_left() / 4) {
+av_log(avctx, AV_LOG_ERROR, "too many tag/value pairs (%d)\n", 
data);
+ret = AVERROR_INVALIDDATA;
+break;
+}
 for (i = 0; i < data; i++) {
 uint16_t tag2 = bytestream2_get_be16();
 uint16_t val2 = bytestream2_get_be16();
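
Review bot: the divisor in `data > bytestream2_get_bytes_left() / 4` is a bare constant whose meaning is only implied by the two `bytestream2_get_be16()` reads per iteration in the loop that follows; a one-line comment above the check saying that each tag/value pair consumes 4 bytes (or a named constant for the pair size) would keep the bound and the loop body in step if the pair layout changes. Separately, `data` is used here as an integer count while the hunk header shows a `void *data` parameter of the same name, so a distinct name for the pair count would make the bound easier to audit.
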
-- 
1.7.9.5
