[FFmpeg-cvslog] r15401 - trunk/libavformat/mov.c
bcoudurier
subversion
Wed Sep 24 20:55:00 CEST 2008
Author: bcoudurier
Date: Wed Sep 24 20:55:00 2008
New Revision: 15401
Log:
stop parsing if tag size is wrongly < 8 to avoid infinite loop
Modified:
trunk/libavformat/mov.c
Modified: trunk/libavformat/mov.c
==============================================================================
--- trunk/libavformat/mov.c (original)
+++ trunk/libavformat/mov.c Wed Sep 24 20:55:00 2008
@@ -1379,7 +1379,7 @@ static int mov_read_udta(MOVContext *c,
uint32_t tag = get_le32(pb);
uint64_t next = url_ftell(pb) + tag_size - 8;
- if (next > end) // stop if tag_size is wrong
+ if (tag_size < 8 || next > end) // stop if tag_size is wrong
break;
switch (tag) {
More information about the ffmpeg-cvslog
mailing list