[FFmpeg-devel] [PATCH 1/2] avformat/mp3dec: Check that the frame fits within the probe buffer
Limin Wang
lance.lmwang at gmail.com
Fri Nov 8 08:48:19 EET 2019
On Thu, Nov 07, 2019 at 10:25:31PM +0100, Michael Niedermayer wrote:
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavformat/mp3dec.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/mp3dec.c b/libavformat/mp3dec.c
> index 258f19174b..6848415657 100644
> --- a/libavformat/mp3dec.c
> +++ b/libavformat/mp3dec.c
> @@ -91,7 +91,7 @@ static int mp3_read_probe(const AVProbeData *p)
>
> header = AV_RB32(buf2);
> ret = avpriv_mpegaudio_decode_header(&h, header);
> - if (ret != 0)
> + if (ret != 0 || end - buf2 < h.frame_size)
I think it's unneed to do the extra checking, as the buf2 will add
the h.frame_size in the next code, it'll break still if buf2 > end
for the for condition.
> break;
> buf2 += h.frame_size;
> framesizes += h.frame_size;
> --
> 2.23.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
More information about the ffmpeg-devel
mailing list