[FFmpeg-cvslog] mov: Fix near infinite loop in stsd parsing.

Michael Niedermayer git at videolan.org
Thu Dec 15 21:44:15 CET 2011


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Dec 15 20:51:00 2011 +0100| [5f95c130a020ec8f6eb7ade8808f59dac5834410] | committer: Michael Niedermayer

mov: Fix near infinite loop in stsd parsing.
Fixes Ticket768
Bug found by: Diana Elena Muscalu

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5f95c130a020ec8f6eb7ade8808f59dac5834410
---

 libavformat/mov.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 7b41ec4..38248d4 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1082,6 +1082,9 @@ int ff_mov_read_stsd_entries(MOVContext *c, AVIOContext *pb, int entries)
             avio_rb32(pb); /* reserved */
             avio_rb16(pb); /* reserved */
             dref_id = avio_rb16(pb);
+        }else if (size <= 0){
+            av_log(c->fc, AV_LOG_ERROR, "invalid size %d in stsd\n", size);
+            return -1;
         }
 
         if (st->codec->codec_tag &&



More information about the ffmpeg-cvslog mailing list