From 13f7e4b966a99d870eeb8b6afb343d2e66a994af Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 22 Jan 2007 21:17:54 +0000 Subject: check to detect nonsense fragment size Originally committed as revision 7653 to svn://svn.ffmpeg.org/ffmpeg/trunk --- libavformat/asf.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'libavformat') diff --git a/libavformat/asf.c b/libavformat/asf.c index 60050de0e6..6c4bb35d5d 100644 --- a/libavformat/asf.c +++ b/libavformat/asf.c @@ -571,6 +571,10 @@ static int asf_read_frame_header(AVFormatContext *s){ } if (asf->packet_flags & 0x01) { DO_2BITS(asf->packet_segsizetype >> 6, asf->packet_frag_size, 0); // 0 is illegal + if(asf->packet_frag_size > asf->packet_size_left - rsize){ + av_log(s, AV_LOG_ERROR, "packet_frag_size is invalid\n"); + return -1; + } //printf("Fragsize %d\n", asf->packet_frag_size); } else { asf->packet_frag_size = asf->packet_size_left - rsize; -- cgit v1.2.3