[FFmpeg-devel] [PATCH] matroskadec: Fix a buffer overread

Aurelien Jacobs aurel
Sat Mar 6 15:35:23 CET 2010


On Fri, Mar 05, 2010 at 10:54:56PM -0500, David Conrad wrote:
> ---
>  libavformat/matroskadec.c |    6 ++++++
>  1 files changed, 6 insertions(+), 0 deletions(-)
> 
> diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
> index 84d06c7..3ee9f39 100644
> --- a/libavformat/matroskadec.c
> +++ b/libavformat/matroskadec.c
> @@ -1676,6 +1676,11 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data,
>                  int offset = 0, pkt_size = lace_size[n];
>                  uint8_t *pkt_data = data;
>  
> +                if (lace_size[n] > size) {
> +                    av_log(matroska->ctx, AV_LOG_ERROR, "Invalid packet size\n");
> +                    continue;
> +                }
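Review bot: the new check compares `lace_size[n]` only against `size`, and the hunk does not show `size` being reduced as laces are consumed; if `size` is the block's total length rather than the bytes still unconsumed after the preceding laces, a later lace can still read past `data + size`, so either compare against the remaining length or confirm that `size` is decremented wherever `data` is advanced. On the error path, `continue` leaves `data` untouched, so the next iteration reads the following lace from the same, now untrusted, position; `break` (or returning an error for the whole block) avoids that. Minor: `pkt_size` already holds `lace_size[n]` from the line above, so the check could read `if (pkt_size > size)` or be moved ahead of that declaration.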

Why 'continue'? I guess that when one lace is broken it's useless
(or even wrong) to try to read the next lace, starting where the previous lace
was supposed to start...
So I guess that 'break' would be better than 'continue'.
Except for that, the patch looks OK.

Aurel
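As an added illustration of the point under discussion (this is not FFmpeg's code and not the patch above): a stand-alone C lace splitter that checks each lace against the bytes remaining after the laces before it, rather than against the whole block, and stops at the first lace that does not fit instead of continuing. The function and type names (split_laces, lace_t) and the sample block and lace tables are constructed for this example.

```c
/* Added example, not FFmpeg code: split a block into laces with a
 * per-lace bounds check against the bytes still remaining. Names
 * (split_laces, lace_t) and sample data are constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_LACES 8

typedef struct {
    const uint8_t *data;   /* start of this lace inside the block */
    size_t         size;   /* length of the lace in bytes */
} lace_t;

/*
 * Split the `size` bytes at `data` into laces whose lengths are given by
 * lace_size[0..n_laces-1]. Each lace is compared against the bytes that
 * remain after the preceding laces, not against the whole block, so a lace
 * that would run past the end is caught even when it is not the first one.
 * Returns the number of laces emitted. Parsing stops at the first bad lace
 * (break, not continue): `data` has not been advanced past it, so the
 * start offset of every later lace is no longer trustworthy.
 */
static int split_laces(const uint8_t *data, size_t size,
                       const size_t *lace_size, int n_laces,
                       lace_t *out, int out_cap)
{
    size_t remaining = size;
    int emitted = 0;

    for (int n = 0; n < n_laces && emitted < out_cap; n++) {
        if (lace_size[n] > remaining) {
            fprintf(stderr, "lace %d: size %zu exceeds remaining %zu bytes\n",
                    n, lace_size[n], remaining);
            break;
        }
        out[emitted].data = data;
        out[emitted].size = lace_size[n];
        emitted++;
        data      += lace_size[n];
        remaining -= lace_size[n];
    }
    return emitted;
}

/* Constructed 10-byte block used by all demos. */
static const uint8_t sample_block[10] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10};

/* Lace table that sums to exactly 10: all three laces fit. Returns 3. */
static int demo_good(void)
{
    static const size_t sizes[3] = {3, 4, 3};
    lace_t laces[MAX_LACES];
    return split_laces(sample_block, sizeof sample_block, sizes, 3,
                       laces, MAX_LACES);
}

/* First byte of the third lace from the good table: offset 7, value 8. */
static int demo_good_third_lace_first_byte(void)
{
    static const size_t sizes[3] = {3, 4, 3};
    lace_t laces[MAX_LACES];
    if (split_laces(sample_block, sizeof sample_block, sizes, 3,
                    laces, MAX_LACES) != 3)
        return -1;
    return laces[2].data[0];
}

/* The second lace (5 bytes) is smaller than the whole block, so a check
 * against the block's total size would let it through; it is larger than
 * the 4 bytes left after the first lace, so the splitter stops. Returns 1. */
static int demo_overrun(void)
{
    static const size_t sizes[3] = {6, 5, 1};
    lace_t laces[MAX_LACES];
    return split_laces(sample_block, sizeof sample_block, sizes, 3,
                       laces, MAX_LACES);
}

int main(void)
{
    printf("good block: %d laces\n", demo_good());           /* 3 */
    printf("overrunning block: %d laces\n", demo_overrun()); /* 1 */
    return 0;
}
```

The second demo is the case a check against the total block size misses: the overrunning lace is shorter than the block, but not shorter than what is left once the first lace has been consumed, which is why the comparison has to track the remaining length as the data pointer advances.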


