# HG changeset patch
# User reimar
# Date 1246620374 0
# Node ID 5de39afaca2e32f932171a4e40dcc2c365ede7cb
# Parent  5e6156776ee2ce138454efd2ad706f521b2137d0
Check size of "strf" header against size of enclosing "LIST" if there is one.

diff -r 5e6156776ee2 -r 5de39afaca2e avidec.c
--- a/avidec.c	Fri Jul 03 11:18:56 2009 +0000
+++ b/avidec.c	Fri Jul 03 11:26:14 2009 +0000
@@ -252,6 +252,7 @@
     AVIStream *ast = NULL;
     int avih_width=0, avih_height=0;
     int amv_file_format=0;
+    uint64_t list_end = 0;
 
     avi->stream_index= -1;
 
@@ -277,6 +278,7 @@
 
         switch(tag) {
         case MKTAG('L', 'I', 'S', 'T'):
+            list_end = url_ftell(pb) + size;
             /* Ignored, except at start of video packets. */
             tag1 = get_le32(pb);
 #ifdef DEBUG
@@ -445,6 +447,9 @@
             if (stream_index >= (unsigned)s->nb_streams || avi->dv_demux) {
                 url_fskip(pb, size);
             } else {
+                uint64_t cur_pos = url_ftell(pb);
+                if (cur_pos < list_end)
+                    size = FFMIN(size, list_end - cur_pos);
                 st = s->streams[stream_index];
                 switch(codec_type) {
                 case CODEC_TYPE_VIDEO: