changeset 5762:87a2727fd609 libavformat

matroskadec: Fix a buffer overread
author conrad
date Sun, 07 Mar 2010 02:26:30 +0000
parents 058a0e362dbe
children 14f90d20ef05
files matroskadec.c
diffstat 1 files changed, 6 insertions(+), 0 deletions(-) [+]
--- a/matroskadec.c	Sat Mar 06 23:19:05 2010 +0000
+++ b/matroskadec.c	Sun Mar 07 02:26:30 2010 +0000
@@ -1676,6 +1676,11 @@
                 int offset = 0, pkt_size = lace_size[n];
                 uint8_t *pkt_data = data;
 
+                if (lace_size[n] > size) {
+                    av_log(matroska->ctx, AV_LOG_ERROR, "Invalid packet size\n");
+                    break;
+                }
+
                 if (encodings && encodings->scope & 1) {
                     offset = matroska_decode_buffer(&pkt_data,&pkt_size, track);
                     if (offset < 0)
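Review bot: The guard `lace_size[n] > size` is only as strong as the types on each side, which are declared outside this hunk: if `lace_size[n]` is unsigned and `size` is a signed int, the comparison is done in unsigned arithmetic, so a `size` that has already gone negative compares as a very large value and the check passes. If that is the case here, I would write it as `if (size < 0 || lace_size[n] > size) {` and add a comment such as `/* lace sizes come from the file; never read past the bytes left in this block */`. The `break` logs and leaves the loop, but whether the function then reports an error to its caller is not visible in the hunk, and a truncated block probably should not be returned as success. The matching `size -= lace_size[n];` in the second hunk (`@@ -1727`) sits at the end of the loop body, so any earlier `continue` in the loop would skip it together with `data += lace_size[n]`; this is worth confirming against the full function, which starts and ends outside both hunks.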
@@ -1727,6 +1732,7 @@
             if (timecode != AV_NOPTS_VALUE)
                 timecode = duration ? timecode + duration : AV_NOPTS_VALUE;
             data += lace_size[n];
+            size -= lace_size[n];
         }
     }