Skip to content

F
ffmpeg.wasm-core
Commit 066739f6 authored by Michael Niedermayer's avatar Michael Niedermayer
Browse files
Options

pmpdec: check packet sizes 

Reviewed-by: 's avatarReimar Döffinger <Reimar.Doeffinger@gmx.de>
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent 7276e9ea
Hide whitespace changes
Inline Side-by-side
Showing with 10 additions and 0 deletions
libavformat/pmpdec.c
View file @ 066739f6
...@@ -49,6 +49,8 @@ static int pmp_header(AVFormatContext *s) ...@@ -49,6 +49,8 @@ static int pmp_header(AVFormatContext *s)
int srate, channels; int srate, channels;
int i; int i;
uint64_t pos; uint64_t pos;
int64_t fsize = avio_size(pb);
AVStream *vst = avformat_new_stream(s, NULL); AVStream *vst = avformat_new_stream(s, NULL);
if (!vst) if (!vst)
return AVERROR(ENOMEM); return AVERROR(ENOMEM);
...@@ -100,8 +102,16 @@ static int pmp_header(AVFormatContext *s) ...@@ -100,8 +102,16 @@ static int pmp_header(AVFormatContext *s)
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
} }
size >>= 1; size >>= 1;
if (size < 9 + 4*pmp->num_streams) {
av_log(s, AV_LOG_ERROR, "Packet too small\n");
return AVERROR_INVALIDDATA;
}
av_add_index_entry(vst, pos, i, size, 0, flags); av_add_index_entry(vst, pos, i, size, 0, flags);
pos += size; pos += size;
if (fsize > 0 && i == 0 && pos > fsize) {
av_log(s, AV_LOG_ERROR, "File ends before first packet\n");
return AVERROR_INVALIDDATA;
}
} }
for (i = 1; i < pmp->num_streams; i++) { for (i = 1; i < pmp->num_streams; i++) {
AVStream *ast = avformat_new_stream(s, NULL); AVStream *ast = avformat_new_stream(s, NULL);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment