* commit '83c285f88016b087c2f0f4b9ef356ad8ef12d947':
wtv: Add more sanity checks for a length read from the file
Conflicts:
libavformat/wtv.c
See: c42efad3c34cace09555e05fd0cb81cb59cc726f
Merged-by: Michael Niedermayer <michaelni@gmx.at>
... | ... |
@@ -261,7 +261,12 @@ static AVIOContext * wtvfile_open2(AVFormatContext *s, const uint8_t *buf, int b |
261 | 261 |
dir_length = AV_RL16(buf + 16); |
262 | 262 |
file_length = AV_RL64(buf + 24); |
263 | 263 |
name_size = 2 * AV_RL32(buf + 32); |
264 |
- if (buf + 48 + (int64_t)name_size > buf_end || name_size<0) { |
|
264 |
+ if (name_size < 0) { |
|
265 |
+ av_log(s, AV_LOG_ERROR, |
|
266 |
+ "bad filename length, remaining directory entries ignored\n"); |
|
267 |
+ break; |
|
268 |
+ } |
|
269 |
+ if (48 + (int64_t)name_size > buf_end - buf) { |
|
265 | 270 |
av_log(s, AV_LOG_ERROR, "filename exceeds buffer size; remaining directory entries ignored\n"); |
266 | 271 |
break; |
267 | 272 |
} |