From 44ed34b79097b972095e7c9efae32a13b4bc51dc Mon Sep 17 00:00:00 2001
From: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Date: Wed, 26 Aug 2009 08:38:44 +0000
Subject: Check for seek failures in avi_load_index, otherwise if the index
 offset is invalid (e.g. truncated file) we might end up reading the whole
 file since trying to seek beyond the end of file does not set EOF.

Originally committed as revision 19709 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavformat/avidec.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'libavformat/avidec.c')

diff --git a/libavformat/avidec.c b/libavformat/avidec.c
index 7093e9150d..2175374e6e 100644
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -1001,8 +1001,10 @@ static int avi_load_index(AVFormatContext *s)
     ByteIOContext *pb = s->pb;
     uint32_t tag, size;
     int64_t pos= url_ftell(pb);
+    int ret = -1;
 
-    url_fseek(pb, avi->movi_end, SEEK_SET);
+    if (url_fseek(pb, avi->movi_end, SEEK_SET) < 0)
+        goto the_end; // maybe truncated file
 #ifdef DEBUG_SEEK
     printf("movi_end=0x%"PRIx64"\n", avi->movi_end);
 #endif
@@ -1023,19 +1025,20 @@ static int avi_load_index(AVFormatContext *s)
         case MKTAG('i', 'd', 'x', '1'):
             if (avi_read_idx1(s, size) < 0)
                 goto skip;
-            else
+            ret = 0;
                 goto the_end;
             break;
         default:
         skip:
             size += (size & 1);
-            url_fskip(pb, size);
+            if (url_fseek(pb, size, SEEK_CUR) < 0)
+                goto the_end; // something is wrong here
             break;
         }
     }
  the_end:
     url_fseek(pb, pos, SEEK_SET);
-    return 0;
+    return ret;
 }
 
 static int avi_read_seek(AVFormatContext *s, int stream_index, int64_t timestamp, int flags)
-- 
cgit v1.2.3