[FFmpeg-cvslog] avformat/oggparseogm: check input size before reading t

Michael Niedermayer git at videolan.org
Fri Dec 27 01:28:36 CET 2013


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Mon Dec 23 18:09:58 2013 +0100| [0875a9e4fc4cb622758a6b59d4cb07b64f29b8b2] | committer: Michael Niedermayer

avformat/oggparseogm: check input size before reading t

Makes no difference in outcome, as the checks on t have no effect
when t was uninitialized

Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7fa2b7b5d97c_3598_anOTHERS_DixX_in_Ogg_Sample.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0875a9e4fc4cb622758a6b59d4cb07b64f29b8b2
---

 libavformat/oggparseogm.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/oggparseogm.c b/libavformat/oggparseogm.c
index 707381d..fe4c1f2 100644
--- a/libavformat/oggparseogm.c
+++ b/libavformat/oggparseogm.c
@@ -126,6 +126,8 @@ ogm_dshow_header(AVFormatContext *s, int idx)
     if(*p != 1)
         return 1;
 
+    if (os->psize < 100)
+        return AVERROR_INVALIDDATA;
     t = AV_RL32(p + 96);
 
     if(t == 0x05589f80){



More information about the ffmpeg-cvslog mailing list