generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

electronicarts: Check packet sizes before reading

Browse Source 
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit f7e616959a)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
This commit is contained in:
Martin Storsjö
2013-09-20 12:26:45 +03:00
committed by Luca Barbato
parent 17e7edf75b
commit 8bd27a167b
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
libavformat/electronicarts.c
View File

@@ -525,10 +525,16 @@ static int ea_read_packet(AVFormatContext *s,
case AV_CODEC_ID_ADPCM_EA_R1: case AV_CODEC_ID_ADPCM_EA_R1:
case AV_CODEC_ID_ADPCM_EA_R2: case AV_CODEC_ID_ADPCM_EA_R2:
case AV_CODEC_ID_ADPCM_IMA_EA_EACS: case AV_CODEC_ID_ADPCM_IMA_EA_EACS:
pkt->duration = AV_RL32(pkt->data);
break;
case AV_CODEC_ID_ADPCM_EA_R3: case AV_CODEC_ID_ADPCM_EA_R3:
pkt->duration = AV_RB32(pkt->data); if (pkt->size < 4) {
av_log(s, AV_LOG_ERROR, "Packet is too short\n");
av_free_packet(pkt);
return AVERROR_INVALIDDATA;
}
if (ea->audio_codec == AV_CODEC_ID_ADPCM_EA_R3)
pkt->duration = AV_RB32(pkt->data);
else
pkt->duration = AV_RL32(pkt->data);
break; break;
case AV_CODEC_ID_ADPCM_IMA_EA_SEAD: case AV_CODEC_ID_ADPCM_IMA_EA_SEAD:
pkt->duration = ret * 2 / ea->num_channels; pkt->duration = ret * 2 / ea->num_channels;