[PATCH 3/6] Make sure neither data_size nor sample_count is negative

Tomas Härdin tomas.hardin
Thu Mar 3 15:52:32 CET 2011


---
 libavformat/wav.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/libavformat/wav.c b/libavformat/wav.c
index 9cb34d1..f15e958 100644
--- a/libavformat/wav.c
+++ b/libavformat/wav.c
@@ -236,6 +236,12 @@ static int wav_read_header(AVFormatContext *s,
         avio_rl64(pb); /* RIFF size */
         data_size = avio_rl64(pb);
         sample_count = avio_rl64(pb);
+        if (data_size < 0 || sample_count < 0) {
+            av_log(s, AV_LOG_ERROR, "negative data_size and/or sample_count in "
+                   "ds64: data_size = %li, sample_count = %li\n",
+                   data_size, sample_count);
+            return AVERROR_INVALIDDATA;
+        }
         avio_seek(pb, size - 16, SEEK_CUR); /* skip rest of ds64 chunk */
     }
 
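Review bot: The `%li` conversions in the new av_log() call do not match a 64-bit argument on targets where `long` is 32 bits (32-bit builds, LLP64 Windows), so the error path has undefined behaviour and may print wrong values exactly when a malformed ds64 chunk is being reported. The declarations are outside the hunk, but both variables are assigned from avio_rl64() and compared against zero, so they are presumably int64_t; the portable form is `"ds64: data_size = %"PRId64", sample_count = %"PRId64"\n",`. Separately, the unchanged context reads three 64-bit fields (24 bytes) and then skips `size - 16`; whether `size` is bounded before this point is not visible here, so it is worth confirming alongside this check. wav_read_header starts and ends outside the hunk.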
-- 
1.7.1

