[FFmpeg-devel] [PATCH 3/3] nutdec: abort if EOF is reached in decode_info_header/read_sm_data
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Wed May 20 00:50:00 CEST 2015
These loops can take a lot of time if count is very large.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
---
libavformat/nutdec.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
index e979ee6..ad61d7e 100644
--- a/libavformat/nutdec.c
+++ b/libavformat/nutdec.c
@@ -524,6 +524,10 @@ static int decode_info_header(NUTContext *nut)
}
for (i = 0; i < count; i++) {
+ if (bc->eof_reached) {
+ av_log(s, AV_LOG_ERROR, "reached EOF while decoding info header\n");
+ return AVERROR_INVALIDDATA;
+ }
get_str(bc, name, sizeof(name));
value = get_s(bc);
str_value[0] = 0;
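Review bot: The loop in decode_info_header is still bounded only by `count` and by end of input. The added `bc->eof_reached` test stops it when the file runs out, but a header declaring a huge count inside a large file would apparently keep parsing the bytes after the header as info entries until EOF. The read_sm_data hunk pairs its EOF test with a position bound (`avio_tell(bc) >= maxpos`). If the info packet's end offset is available here, a test such as `if (avio_tell(bc) >= packet_end) return AVERROR_INVALIDDATA;` (`packet_end` is a placeholder name) would cap the work at the packet size. The function starts and ends outside the hunk, so whether such a bound already exists cannot be confirmed from here.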
@@ -849,6 +853,10 @@ static int read_sm_data(AVFormatContext *s, AVIOContext *bc, AVPacket *pkt, int
int value;
if (avio_tell(bc) >= maxpos)
return AVERROR_INVALIDDATA;
+ if (bc->eof_reached) {
+ av_log(s, AV_LOG_ERROR, "reached EOF while reading sm data\n");
+ return AVERROR_INVALIDDATA;
+ }
get_str(bc, name, sizeof(name));
value = get_s(bc);
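Review bot: The two guards at the top of this loop body in read_sm_data need a comment saying why both are required, since the reason is given only in the commit message. A line such as `/* at EOF the read position stops advancing, so the maxpos check alone cannot end the loop */` above the new `if (bc->eof_reached)` would do, once that behaviour is confirmed against the avio layer. The maxpos branch returns silently while the new branch logs at AV_LOG_ERROR, so a truncated file and an overlong side-data block return the same AVERROR_INVALIDDATA with different diagnostics. The loop header and the rest of the function are outside the hunk.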
--
2.1.4