From 4d0ee4962be7e07cdc038a78008ef2e4e47e5f81 Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun Date: Wed, 6 May 2015 02:26:57 +0200 Subject: avi: Validate sample_size And either error out or set it to 0 if it is negative. CC: libav-stable@libav.org Signed-off-by: Luca Barbato --- libavformat/avidec.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'libavformat/avidec.c') diff --git a/libavformat/avidec.c b/libavformat/avidec.c index b317b26f16..4caba46f46 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -571,6 +571,23 @@ static int avi_read_header(AVFormatContext *s) av_log(s, AV_LOG_ERROR, "unknown stream type %X\n", tag1); goto fail; } + + if (ast->sample_size < 0) { + if (s->error_recognition & AV_EF_EXPLODE) { + av_log(s, AV_LOG_ERROR, + "Invalid sample_size %d at stream %d\n", + ast->sample_size, + stream_index); + goto fail; + } + av_log(s, AV_LOG_WARNING, + "Invalid sample_size %d at stream %d " + "setting it to 0\n", + ast->sample_size, + stream_index); + ast->sample_size = 0; + } + if (ast->sample_size == 0) st->duration = st->nb_frames; ast->frame_offset = ast->cum_len; -- cgit v1.2.3