[FFmpeg-devel] [PATCH 1/5] asfdec_o: check avio_skip in asf_read_simple_index

[Andreas Cadhalpun]

The loop can be very long, even though the file is very short.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
---
 libavformat/asfdec_o.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/libavformat/asfdec_o.c b/libavformat/asfdec_o.c
index 02809bb..bc168d3 100644
--- a/libavformat/asfdec_o.c
+++ b/libavformat/asfdec_o.c
@@ -970,7 +970,7 @@ static int asf_read_simple_index(AVFormatContext *s, const GUIDParseTable *g)
     uint64_t interval; // index entry time interval in 100 ns units, usually it's 1s
     uint32_t pkt_num, nb_entries;
     int32_t prev_pkt_num = -1;
-    int i;
+    int i, ret;
     uint64_t size = avio_rl64(pb);
 
     // simple index objects should be ordered by stream number, this loop tries to find
@@ -992,7 +992,11 @@ static int asf_read_simple_index(AVFormatContext *s, const GUIDParseTable *g)
     nb_entries = avio_rl32(pb);
     for (i = 0; i < nb_entries; i++) {
         pkt_num = avio_rl32(pb);
-        avio_skip(pb, 2);
+        ret = avio_skip(pb, 2);
+        if (ret < 0) {
+            av_log(s, AV_LOG_ERROR, "Skipping failed in asf_read_simple_index.\n");
+            return ret;
+        }
         if (prev_pkt_num != pkt_num) {
             av_add_index_entry(st, asf->first_packet_offset + asf->packet_size *
                                pkt_num, av_rescale(interval, i, 10000),
-- 
2.6.4