Mercurial > libavformat.hg
comparison ffmdec.c @ 3355:fa366fc51861 libavformat
return error if frame_offset is negative, prevent segfault
| author | bcoudurier |
|---|---|
| date | Mon, 26 May 2008 03:53:48 +0000 |
| parents | 5be8d622e458 |
| children | b3f6a5104280 |
comparison
equal
deleted
inserted
replaced
| 3354:5be8d622e458 | 3355:fa366fc51861 |
|---|---|
| 102 ffm->pts = get_be64(pb); | 102 ffm->pts = get_be64(pb); |
| 103 ffm->first_frame_in_packet = 1; | 103 ffm->first_frame_in_packet = 1; |
| 104 frame_offset = get_be16(pb); | 104 frame_offset = get_be16(pb); |
| 105 get_buffer(pb, ffm->packet, ffm->packet_size - FFM_HEADER_SIZE); | 105 get_buffer(pb, ffm->packet, ffm->packet_size - FFM_HEADER_SIZE); |
| 106 ffm->packet_end = ffm->packet + (ffm->packet_size - FFM_HEADER_SIZE - fill_size); | 106 ffm->packet_end = ffm->packet + (ffm->packet_size - FFM_HEADER_SIZE - fill_size); |
| 107 if (ffm->packet_end < ffm->packet) | 107 if (ffm->packet_end < ffm->packet || frame_offset < 0) |
| 108 return -1; | 108 return -1; |
| 109 /* if first packet or resynchronization packet, we must | 109 /* if first packet or resynchronization packet, we must |
| 110 handle it specifically */ | 110 handle it specifically */ |
| 111 if (ffm->first_packet || (frame_offset & 0x8000)) { | 111 if (ffm->first_packet || (frame_offset & 0x8000)) { |
| 112 if (!frame_offset) { | 112 if (!frame_offset) { |