[FFmpeg-cvslog] avformat/ty: do not overread chunk
Paul B Mahol
git at videolan.org
Mon Nov 6 22:02:26 EET 2017
ffmpeg | branch: master | Paul B Mahol <onemda at gmail.com> | Mon Nov 6 21:00:08 2017 +0100| [a29a0aba79dad35a80cfcdf6db6b506afb48dcaa] | committer: Paul B Mahol
avformat/ty: do not overread chunk
Signed-off-by: Paul B Mahol <onemda at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a29a0aba79dad35a80cfcdf6db6b506afb48dcaa
---
libavformat/ty.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavformat/ty.c b/libavformat/ty.c
index 3926d3e9b7..1ce72dd0f9 100644
--- a/libavformat/ty.c
+++ b/libavformat/ty.c
@@ -249,7 +249,11 @@ static int analyze_chunk(AVFormatContext *s, const uint8_t *chunk)
* in MPEG packets to determine tivo_type */
if (ty->tivo_type == TIVO_TYPE_UNKNOWN) {
uint32_t data_offset = 16 * num_recs;
+
for (i = 0; i < num_recs; i++) {
+ if (data_offset + hdrs[i].rec_size > CHUNK_SIZE)
+ break;
+
if ((hdrs[i].subrec_type << 0x08 | hdrs[i].rec_type) == 0x3c0 && hdrs[i].rec_size > 15) {
/* first make sure we're aligned */
int pes_offset = find_es_header(ty_MPEGAudioPacket,
More information about the ffmpeg-cvslog
mailing list