[FFmpeg-cvslog] asf: error out on ridiculously large minpktsize values.

[Ronald S. Bultje]

ffmpeg | branch: release/0.8 | Ronald S. Bultje <rsbultje at gmail.com> | Fri Feb 17 12:21:22 2012 -0800| [18caebca4c91605fd0a9f5bc339a63be9a6c977a] | committer: Reinhard Tartler

asf: error out on ridiculously large minpktsize values.

They cause various issues further down in demuxing.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 6e57a02b9f639af53acfa9fc742c1341400818f8)

Signed-off-by: Reinhard Tartler <siretart at tauware.de>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=18caebca4c91605fd0a9f5bc339a63be9a6c977a
---

 libavformat/asfdec.c |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c
index 6038867..6172170 100644
--- a/libavformat/asfdec.c
+++ b/libavformat/asfdec.c
@@ -202,6 +202,8 @@ static int asf_read_file_properties(AVFormatContext *s, int64_t size)
     asf->hdr.flags              = avio_rl32(pb);
     asf->hdr.min_pktsize        = avio_rl32(pb);
     asf->hdr.max_pktsize        = avio_rl32(pb);
+    if (asf->hdr.min_pktsize >= (1U<<29))
+        return AVERROR_INVALIDDATA;
     asf->hdr.max_bitrate        = avio_rl32(pb);
     s->packet_size = asf->hdr.max_pktsize;
 
@@ -616,7 +618,9 @@ static int asf_read_header(AVFormatContext *s, AVFormatParameters *ap)
         if (gsize < 24)
             return -1;
         if (!ff_guidcmp(&g, &ff_asf_file_header)) {
-            asf_read_file_properties(s, gsize);
+            int ret = asf_read_file_properties(s, gsize);
+            if (ret < 0)
+                return ret;
         } else if (!ff_guidcmp(&g, &ff_asf_stream_header)) {
             asf_read_stream_properties(s, gsize);
         } else if (!ff_guidcmp(&g, &ff_asf_comment_header)) {