-rw-r--r--libavformat/asf.c9
-rw-r--r--libavformat/asf.h6
2 files changed, 13 insertions, 2 deletions
diff --git a/libavformat/asf.c b/libavformat/asf.c
index 38a308bd56..6da4a282b4 100644
--- a/libavformat/asf.c
+++ b/libavformat/asf.c
@@ -327,6 +327,12 @@ static int asf_read_header(AVFormatContext *s, AVFormatParameters *ap)
pos2 = url_ftell(pb);
url_fskip(pb, gsize - (pos2 - pos1 + 24));
} else if (!memcmp(&g, &data_header, sizeof(GUID))) {
+ asf->data_object_offset = url_ftell(pb);
+ if (gsize != (uint64_t)-1 && gsize >= 24) {
+ asf->data_object_size = gsize - 24;
+ } else {
+ asf->data_object_size = (uint64_t)-1;
+ }
break;
} else if (!memcmp(&g, &comment_header, sizeof(GUID))) {
int len1, len2, len3, len4, len5;
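Review bot: The "size unknown" sentinel `(uint64_t)-1` and the object-header length `24` are open-coded in this branch of asf_read_header, and the same sentinel is tested again in the asf_read_packet hunk without being mentioned in the asf.h field comment. A named constant (for example a new `#define ASF_SIZE_UNKNOWN ((uint64_t)-1)`, name suggested here) and a field comment such as `/* size of the data object, (uint64_t)-1 if unknown */` would keep the three places in agreement. The declaration of `gsize` is outside the hunk, so whether `gsize >= 24` also rejects negative values read from the file depends on its signedness; a one-line comment stating the intent would help. The result of `url_ftell(pb)` is stored into an unsigned field unchecked, so if it can return a negative error it would become a very large offset.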
@@ -552,6 +558,9 @@ static int asf_read_packet(AVFormatContext *s, AVPacket *pkt)
/* fail safe */
url_fskip(pb, ret);
asf->packet_pos= url_ftell(&s->pb);
+ if (asf->data_object_size != (uint64_t)-1 &&
+ (asf->packet_pos - asf->data_object_offset >= asf->data_object_size))
+ return AVERROR_IO; /* Do not exceed the size of the data object */
ret = asf_get_packet(s);
//printf("READ ASF PACKET %d r:%d c:%d\n", ret, asf->packet_size_left, pc++);
if (ret < 0 || url_feof(pb))
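Review bot: The bound added before `asf_get_packet(s)` tests only where the packet starts, so a final packet that begins inside the data object but is longer than the bytes left in it still appears to be parsed, and may read into whatever object follows. Once the existing test has passed, the remaining length can be checked without overflow, e.g. reject when `asf->data_object_size - (asf->packet_pos - asf->data_object_offset) < pkt_len`, where `pkt_len` stands for the packet size the demuxer already knows. The subtraction mixes `packet_pos` (which appears to become int64_t in asf.h) with the uint64_t `data_object_offset`, so it is evaluated unsigned and a position before the object start wraps to a large value and is rejected. That is fail-closed but deserves a comment such as `/* unsigned: positions before the object start also fail */`. The body of asf_read_packet starts and ends outside the hunk.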
diff --git a/libavformat/asf.h b/libavformat/asf.h
index 8dcf7716f1..476a089d56 100644
--- a/libavformat/asf.h
+++ b/libavformat/asf.h
@@ -32,7 +32,7 @@ typedef struct {
int ds_data_size;
int ds_silence_data;
- int packet_pos;
+ int64_t packet_pos;
} ASFStream;
@@ -98,6 +98,8 @@ typedef struct {
ByteIOContext pb;
/* only for reading */
uint64_t data_offset; /* begining of the first data packet */
+ uint64_t data_object_offset; /* data object offset (excl. GUID & size)*/
+ uint64_t data_object_size; /* size of the data object */
ASFMainHeader hdr;
@@ -117,7 +119,7 @@ typedef struct {
int packet_obj_size;
int packet_time_delta;
int packet_time_start;
- int packet_pos;
+ int64_t packet_pos;
int stream_index;