[FFmpeg-cvslog] avformat/mxfdec: fix and enhance RIP KLV length checks
Marton Balint
git at videolan.org
Sun Apr 28 23:08:36 EEST 2019
ffmpeg | branch: master | Marton Balint <cus at passwd.hu> | Thu Apr 4 23:08:42 2019 +0200| [3dee6c09970dd0defad91e8270f66a4be3b6570d] | committer: Marton Balint
avformat/mxfdec: fix and enhance RIP KLV length checks
KLV length is BER encoded (variable size), but the code assumed the encoding to
always use 4 bytes.
Fixes parsing Random Index Pack in samples/MXF/issue2160/PW0805A0V01.4C5B5636.EFA330.mxf.
Signed-off-by: Marton Balint <cus at passwd.hu>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3dee6c09970dd0defad91e8270f66a4be3b6570d
---
libavformat/mxfdec.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 0f80d27534..bb72fb9841 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -3138,9 +3138,12 @@ static void mxf_read_random_index_pack(AVFormatContext *s)
goto end;
avio_seek(s->pb, file_size - length, SEEK_SET);
if (klv_read_packet(&klv, s->pb) < 0 ||
- !IS_KLV_KEY(klv.key, mxf_random_index_pack_key) ||
- klv.length != length - 20)
+ !IS_KLV_KEY(klv.key, mxf_random_index_pack_key))
goto end;
+ if (klv.next_klv != file_size || klv.length <= 4 || (klv.length - 4) % 12) {
+ av_log(s, AV_LOG_WARNING, "Invalid RIP KLV length\n");
+ goto end;
+ }
avio_skip(s->pb, klv.length - 12);
mxf->footer_partition = avio_rb64(s->pb);
More information about the ffmpeg-cvslog
mailing list