diff smacker.c @ 1079:40e81416015d libavformat

sanity checks; some might have been exploitable
author michael
date Sat, 13 May 2006 11:37:56 +0000
parents a9d8381ff40d
children 0319672689ef
--- a/smacker.c	Fri May 12 15:13:51 2006 +0000
+++ b/smacker.c	Sat May 13 11:37:56 2006 +0000
@@ -114,6 +114,13 @@
     for(i = 0; i < 7; i++)
         smk->audio[i] = get_le32(pb);
     smk->treesize = get_le32(pb);
+
+    if(smk->treesize >= UINT_MAX/4){ // smk->treesize + 16 must not overflow (this check is probably redundant)
+        av_log(s, AV_LOG_ERROR, "treesize too large\n");
+        return -1;
+    }
+
+//FIXME remove extradata "rebuilding"
     smk->mmap_size = get_le32(pb);
     smk->mclr_size = get_le32(pb);
     smk->full_size = get_le32(pb);
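Review bot: The new guard on `smk->treesize` rejects values at or above `UINT_MAX/4`, but its comment only mentions `smk->treesize + 16`, so the factor of 4 is unexplained and "probably redundant" leaves the next reader unsure whether the check can be dropped. I would replace the comment with one that states the trust boundary and the arithmetic being protected, for example `/* treesize is read from the file header: reject values for which treesize + 16 could wrap */`, plus a word on why the limit is a quarter of the range. Values just under the limit still pass, so if `treesize` later sizes an allocation (not visible in this hunk) a crafted header can still request close to 1 GiB; a cap tied to the file size or to a format maximum would be tighter. The three fields read on the following lines, `mmap_size`, `mclr_size` and `full_size`, come from the same header and get no bound here, so it is worth confirming they are checked wherever they are used. The enclosing function starts and ends outside the hunk.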