Browse code
Merge remote-tracking branch 'qatar/master'
* qatar/master:
smacker: check frame size validity
Conflicts:
libavformat/smacker.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer authored on 2013/06/17 08:04:33Showing 1 changed files
| ... | ... |
@@ -306,12 +306,14 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket *pkt) |
| 306 | 306 |
/* if audio chunks are present, put them to stack and retrieve later */ |
| 307 | 307 |
for(i = 0; i < 7; i++) {
|
| 308 | 308 |
if(flags & 1) {
|
| 309 |
- unsigned int size; |
|
| 309 |
+ uint32_t size; |
|
| 310 | 310 |
uint8_t *tmpbuf; |
| 311 | 311 |
|
| 312 | 312 |
size = avio_rl32(s->pb) - 4; |
| 313 |
- if(size + 4L > frame_size) |
|
| 313 |
+ if (!size || size + 4L > frame_size) {
|
|
| 314 |
+ av_log(s, AV_LOG_ERROR, "Invalid audio part size\n"); |
|
| 314 | 315 |
return AVERROR_INVALIDDATA; |
| 316 |
+ } |
|
| 315 | 317 |
frame_size -= size; |
| 316 | 318 |
frame_size -= 4; |
| 317 | 319 |
smk->curstream++; |