[FFmpeg-cvslog] matroskadec: Check EBML lace sizes.
    Michael Niedermayer 
    git at videolan.org
       
    Thu Apr  4 15:53:04 CEST 2013
    
    
  
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Apr  4 15:39:23 2013 +0200| [3b93bea9e3cad046779b05b065d8566be303bea0] | committer: Michael Niedermayer
matroskadec: Check EBML lace sizes.
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3b93bea9e3cad046779b05b065d8566be303bea0
---
 libavformat/matroskadec.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 39559b5..ad0401a 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -2027,10 +2027,10 @@ static int matroska_parse_laces(MatroskaDemuxContext *matroska, uint8_t **buf,
         uint64_t num;
         uint64_t total;
         n = matroska_ebmlnum_uint(matroska, data, size, &num);
-        if (n < 0) {
+        if (n < 0 || num > INT_MAX) {
             av_log(matroska->ctx, AV_LOG_INFO,
                    "EBML block data error\n");
-            res = n;
+            res = n<0 ? n : AVERROR_INVALIDDATA;
             break;
         }
         data += n;
@@ -2040,10 +2040,10 @@ static int matroska_parse_laces(MatroskaDemuxContext *matroska, uint8_t **buf,
             int64_t snum;
             int r;
             r = matroska_ebmlnum_sint(matroska, data, size, &snum);
-            if (r < 0) {
+            if (r < 0 || lace_size[n - 1] + snum > (uint64_t)INT_MAX) {
                 av_log(matroska->ctx, AV_LOG_INFO,
                        "EBML block data error\n");
-                res = r;
+                res = r<0 ? r : AVERROR_INVALIDDATA;
                 break;
             }
             data += r;
    
    
More information about the ffmpeg-cvslog
mailing list