[FFmpeg-cvslog] avformat/matroskaenc: Check BlockAdditional size before use

Andreas Rheinhardt git at videolan.org
Fri Jul 3 16:08:28 EEST 2020


ffmpeg | branch: release/3.3 | Andreas Rheinhardt <andreas.rheinhardt at gmail.com> | Sun Jan 26 06:10:27 2020 +0100| [ff1a79d7f33ee290ffa0c92830330a4aa4b04c4f] | committer: Andreas Rheinhardt

avformat/matroskaenc: Check BlockAdditional size before use

Don't read a 64bit number before having checked that the data is at
least 8 bytes long.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6e9cc964293bf1e0cca6a52b2938a20d711e4146)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ff1a79d7f33ee290ffa0c92830330a4aa4b04c4f
---

 libavformat/matroskaenc.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c
index 0942a00536..61da13f0fd 100644
--- a/libavformat/matroskaenc.c
+++ b/libavformat/matroskaenc.c
@@ -2111,9 +2111,13 @@ static int mkv_write_block(AVFormatContext *s, AVIOContext *pb,
                                         AV_PKT_DATA_MATROSKA_BLOCKADDITIONAL,
                                         &side_data_size);
     if (side_data) {
-        additional_id = AV_RB64(side_data);
-        side_data += 8;
-        side_data_size -= 8;
+        if (side_data_size < 8) {
+            side_data_size = 0;
+        } else {
+            additional_id   = AV_RB64(side_data);
+            side_data      += 8;
+            side_data_size -= 8;
+        }
     }
 
     if ((side_data_size && additional_id == 1) || discard_padding) {



More information about the ffmpeg-cvslog mailing list