From 2219e27b5b17d146e4ab71a3ed86dfc013fb7a93 Mon Sep 17 00:00:00 2001 From: Luca Barbato Date: Wed, 17 Apr 2013 21:19:23 +0200 Subject: oma: correctly mark and decrypt partial packets Incomplete crypted files would lead to a read after buffer boundary otherwise. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org --- libavformat/omadec.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'libavformat') diff --git a/libavformat/omadec.c b/libavformat/omadec.c index 5bfaea5cf0..1d7fc91819 100644 --- a/libavformat/omadec.c +++ b/libavformat/omadec.c @@ -405,6 +405,9 @@ static int oma_read_packet(AVFormatContext *s, AVPacket *pkt) int packet_size = s->streams[0]->codec->block_align; int ret = av_get_packet(s->pb, pkt, packet_size); + if (ret < packet_size) + pkt->flags |= AV_PKT_FLAG_CORRUPT; + if (ret < 0) return ret; if (!ret) @@ -415,8 +418,11 @@ static int oma_read_packet(AVFormatContext *s, AVPacket *pkt) if (oc->encrypted) { /* previous unencrypted block saved in IV for * the next packet (CBC mode) */ - av_des_crypt(&oc->av_des, pkt->data, pkt->data, - (packet_size >> 3), oc->iv, 1); + if (ret == packet_size) + av_des_crypt(&oc->av_des, pkt->data, pkt->data, + (packet_size >> 3), oc->iv, 1); + else + memset(oc->iv, 0, 8); } return ret; -- cgit v1.2.3