Browse code
Merge commit '83c285f88016b087c2f0f4b9ef356ad8ef12d947'
* commit '83c285f88016b087c2f0f4b9ef356ad8ef12d947':
wtv: Add more sanity checks for a length read from the file
Conflicts:
libavformat/wtv.c
See: c42efad3c34cace09555e05fd0cb81cb59cc726f
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer authored on 2013/09/20 21:51:02Showing 1 changed files
| ... | ... |
@@ -261,7 +261,12 @@ static AVIOContext * wtvfile_open2(AVFormatContext *s, const uint8_t *buf, int b |
| 261 | 261 |
dir_length = AV_RL16(buf + 16); |
| 262 | 262 |
file_length = AV_RL64(buf + 24); |
| 263 | 263 |
name_size = 2 * AV_RL32(buf + 32); |
| 264 |
- if (buf + 48 + (int64_t)name_size > buf_end || name_size<0) {
|
|
| 264 |
+ if (name_size < 0) {
|
|
| 265 |
+ av_log(s, AV_LOG_ERROR, |
|
| 266 |
+ "bad filename length, remaining directory entries ignored\n"); |
|
| 267 |
+ break; |
|
| 268 |
+ } |
|
| 269 |
+ if (48 + (int64_t)name_size > buf_end - buf) {
|
|
| 265 | 270 |
av_log(s, AV_LOG_ERROR, "filename exceeds buffer size; remaining directory entries ignored\n"); |
| 266 | 271 |
break; |
| 267 | 272 |
} |