From 2e6ba1993ef41af4a224e854077e4ba4d30f246b Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun
Date: Thu, 7 Jan 2016 10:02:53 +0100
Subject: asfdec: make sure packet_size is non-zero before seeking
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This fixes infinite loops due to seeking back.

Signed-off-by: Alexandra Hájková
Signed-off-by: Luca Barbato
---
 libavformat/asfdec.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'libavformat/asfdec.c')

diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c
index cbab9a2dd6..85d32668f8 100644
--- a/libavformat/asfdec.c
+++ b/libavformat/asfdec.c
@@ -1291,6 +1291,10 @@ static int asf_read_payload(AVFormatContext *s, AVPacket *pkt)
 }
 if (!asf_pkt) {
 if (asf->packet_offset + asf->packet_size <= asf->data_offset + asf->data_size) {
+ if (!asf->packet_size) {
+ av_log(s, AV_LOG_ERROR, "Invalid packet size 0.\n");
+ return AVERROR_INVALIDDATA;
+ }
 avio_seek(pb, asf->packet_offset + asf->packet_size, SEEK_SET);
 av_log(s, AV_LOG_WARNING, "Skipping the stream with the invalid stream index %d.\n", asf->stream_index);
-- cgit v1.2.3
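Review bot: The added `if (!asf->packet_size)` test guards only this one seek on the invalid-stream-index path, so any other place in the demuxer that advances by `packet_size` is not covered by it; if the field is read from the file header (that code is outside this hunk), rejecting 0 once where it is parsed would protect every consumer. On the unchanged line right after the new block the result of `avio_seek()` is discarded, so a failed seek is still logged and treated as a successful skip; `if (avio_seek(pb, asf->packet_offset + asf->packet_size, SEEK_SET) < 0) return AVERROR_INVALIDDATA;` would stop there instead. A short comment above the new check, e.g. `/* packet_size == 0 would seek back to packet_offset and parse the same packet again */`, would record why the test exists. asf_read_payload starts before and continues after the hunk, so the remaining callers of the seek path could not be checked from here.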