[FFmpeg-devel] [PATCH] matroskadec: Fix a buffer overread
Aurelien Jacobs
aurel
Sat Mar 6 15:35:23 CET 2010
On Fri, Mar 05, 2010 at 10:54:56PM -0500, David Conrad wrote:
> ---
> libavformat/matroskadec.c | 6 ++++++
> 1 files changed, 6 insertions(+), 0 deletions(-)
>
> diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
> index 84d06c7..3ee9f39 100644
> --- a/libavformat/matroskadec.c
> +++ b/libavformat/matroskadec.c
> @@ -1676,6 +1676,11 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data,
> int offset = 0, pkt_size = lace_size[n];
> uint8_t *pkt_data = data;
>
> + if (lace_size[n] > size) {
> + av_log(matroska->ctx, AV_LOG_ERROR, "Invalid packet size\n");
> + continue;
> + }
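Review bot: in the added check, `continue` moves on to the next lace, but nothing visible in this hunk advances `data` or reduces `size` first. If that bookkeeping sits later in the loop body, the following lace is parsed from the offset where the oversized one began, and every later lace is compared against a `size` that was never decremented. Leaving the loop with `break` once `lace_size[n] > size` avoids building packets from misaligned data. The "Invalid packet size" message would also be easier to triage if it printed both `lace_size[n]` and `size`, and since `matroska_parse_block` returns int, consider reporting the failure to the caller rather than only logging it.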
Why 'continue'? I guess that when one lace is broken it's useless
(or even wrong) to try to read next lace, starting where previous lace
was supposed to start...
So I guess that 'break' would be better than 'continue'.
Except that, patch looks OK.
Aurel