[FFmpeg-devel] [PATCH 2/6] avcodec/movtextdec: Improve size check

[Andreas Rheinhardt]

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
---
The error checks here are btw a bit inconsistent: Most errors only lead
to a break; in case of errors from parsing the boxes this just ends
the box-parsing for-loop, not the outer while loop (and is therefore
actually redundant, because for each type there is at most one 
corresponding Box entry for parsing). Yet this is different.

 libavcodec/movtextdec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/movtextdec.c b/libavcodec/movtextdec.c
index 8dd571d64c..5083308d58 100644
--- a/libavcodec/movtextdec.c
+++ b/libavcodec/movtextdec.c
@@ -537,8 +537,8 @@ static int mov_text_decode_frame(AVCodecContext *avctx,
                 m->size_var = 8;
             //size_var is equal to 8 or 16 depending on the size of box
 
-            if (tsmb_size == 0) {
-                av_log(avctx, AV_LOG_ERROR, "tsmb_size is 0\n");
+            if (tsmb_size < m->size_var) {
+                av_log(avctx, AV_LOG_ERROR, "tsmb_size invalid\n");
                 return AVERROR_INVALIDDATA;
             }
 
-- 
2.32.0