[FFmpeg-cvslog] avformat/wtvdec: Skip too big tags
Andreas Rheinhardt
git at videolan.org
Wed Sep 13 00:59:21 EEST 2023
ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinhardt at outlook.com> | Tue Sep 12 11:36:01 2023 +0200| [197f7e914bc2a7113388156df5b0e617a4a3ba32] | committer: Andreas Rheinhardt
avformat/wtvdec: Skip too big tags
get_tag() is not designed with negative length in mind;
in this case, it will allocate a very small buffer
(LEN_PRETTY_GUID + 1) and might call avio_get_str16le()
with a negative maxlen (which relies on these parameters
to be signed).
Reviewed-by: Peter Ross <pross at xvid.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=197f7e914bc2a7113388156df5b0e617a4a3ba32
---
libavformat/wtvdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/wtvdec.c b/libavformat/wtvdec.c
index 1103f5ba03..2de6dc2103 100644
--- a/libavformat/wtvdec.c
+++ b/libavformat/wtvdec.c
@@ -539,7 +539,7 @@ static void parse_legacy_attrib(AVFormatContext *s, AVIOContext *pb)
ff_get_guid(pb, &guid);
type = avio_rl32(pb);
length = avio_rl32(pb);
- if (!length)
+ if (length <= 0)
break;
if (ff_guidcmp(&guid, ff_metadata_guid)) {
av_log(s, AV_LOG_WARNING, "unknown guid "FF_PRI_GUID", expected metadata_guid; "
More information about the ffmpeg-cvslog
mailing list