[Ffmpeg-cvslog] r5455 - trunk/libavformat/rm.c
rtogni
subversion
Sun Jun 4 23:01:02 CEST 2006
Author: rtogni
Date: Sun Jun 4 23:01:02 2006
New Revision: 5455
Modified:
trunk/libavformat/rm.c
Log:
rm_read_audio_stream_info return type is not void
Check for errors returned by rm_read_audio_stream_info
Check for overflow in aac extradata allocation
Modified: trunk/libavformat/rm.c
==============================================================================
--- trunk/libavformat/rm.c (original)
+++ trunk/libavformat/rm.c Sun Jun 4 23:01:02 2006
@@ -484,7 +484,7 @@
*q = '\0';
}
-static void rm_read_audio_stream_info(AVFormatContext *s, AVStream *st,
+static int rm_read_audio_stream_info(AVFormatContext *s, AVStream *st,
int read_all)
{
RMContext *rm = s->priv_data;
@@ -595,6 +595,10 @@
get_byte(pb);
st->codec->codec_id = CODEC_ID_AAC;
codecdata_length = get_be32(pb);
+ if(codecdata_length + FF_INPUT_BUFFER_PADDING_SIZE <= (unsigned)codecdata_length){
+ av_log(s, AV_LOG_ERROR, "codecdata_length too large\n");
+ return -1;
+ }
if (codecdata_length >= 1) {
st->codec->extradata_size = codecdata_length - 1;
st->codec->extradata = av_mallocz(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
@@ -618,6 +622,7 @@
get_str8(pb, s->comment, sizeof(s->comment));
}
}
+ return 0;
}
static int rm_read_header_old(AVFormatContext *s, AVFormatParameters *ap)
@@ -628,11 +633,8 @@
rm->old_format = 1;
st = av_new_stream(s, 0);
if (!st)
- goto fail;
- rm_read_audio_stream_info(s, st, 1);
- return 0;
- fail:
- return -1;
+ return -1;
+ return rm_read_audio_stream_info(s, st, 1);
}
static int rm_read_header(AVFormatContext *s, AVFormatParameters *ap)
@@ -722,7 +724,8 @@
v = get_be32(pb);
if (v == MKTAG(0xfd, 'a', 'r', '.')) {
/* ra type header */
- rm_read_audio_stream_info(s, st, 0);
+ if (rm_read_audio_stream_info(s, st, 0))
+ return -1;
} else {
int fps, fps2;
if (get_le32(pb) != MKTAG('V', 'I', 'D', 'O')) {
More information about the ffmpeg-cvslog
mailing list