[FFmpeg-cvslog] asfdec: fix assert failure on invalid files

Uoti Urpala git at videolan.org
Thu May 12 16:12:51 CEST 2011


ffmpeg | branch: master | Uoti Urpala <uau at glyph.nonexistent.invalid> | Sun Apr 24 07:21:30 2011 +0300| [bcedf2e519c60e8ffa05838c65a88934f1ead3bf] | committer: Michael Niedermayer

asfdec: fix assert failure on invalid files

Add an extra size validity check in asf_read_frame_header(). Without
this asf->packet_size_left may become negative, which triggers an
assertion failure later.

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bcedf2e519c60e8ffa05838c65a88934f1ead3bf
---

 libavformat/asfdec.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c
index 0641688..a21af77 100644
--- a/libavformat/asfdec.c
+++ b/libavformat/asfdec.c
@@ -842,6 +842,10 @@ static int asf_read_frame_header(AVFormatContext *s, AVIOContext *pb){
         av_log(s, AV_LOG_ERROR, "unexpected packet_replic_size of %d\n", asf->packet_replic_size);
         return -1;
     }
+    if (rsize > asf->packet_size_left) {
+        av_log(s, AV_LOG_ERROR, "packet_replic_size is invalid\n");
+        return -1;
+    }
     if (asf->packet_flags & 0x01) {
         DO_2BITS(asf->packet_segsizetype >> 6, asf->packet_frag_size, 0); // 0 is illegal
         if(asf->packet_frag_size > asf->packet_size_left - rsize){



More information about the ffmpeg-cvslog mailing list