Skip to content

F
ffmpeg.wasm-core
Commit 3b93bea9 authored by Michael Niedermayer's avatar Michael Niedermayer
Browse files
Options

matroskadec: Check EBML lace sizes. 

Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent 115c3bc4
Show whitespace changes
Inline Side-by-side
Showing with 4 additions and 4 deletions
libavformat/matroskadec.c
View file @ 3b93bea9
...@@ -2027,10 +2027,10 @@ static int matroska_parse_laces(MatroskaDemuxContext *matroska, uint8_t **buf, ...@@ -2027,10 +2027,10 @@ static int matroska_parse_laces(MatroskaDemuxContext *matroska, uint8_t **buf,
uint64_t num; uint64_t num;
uint64_t total; uint64_t total;
n = matroska_ebmlnum_uint(matroska, data, size, &num); n = matroska_ebmlnum_uint(matroska, data, size, &num);
if (n < 0) { if (n < 0 || num > INT_MAX) {
av_log(matroska->ctx, AV_LOG_INFO, av_log(matroska->ctx, AV_LOG_INFO,
"EBML block data error\n"); "EBML block data error\n");
res = n; res = n<0 ? n : AVERROR_INVALIDDATA;
break; break;
} }
data += n; data += n;
...@@ -2040,10 +2040,10 @@ static int matroska_parse_laces(MatroskaDemuxContext *matroska, uint8_t **buf, ...@@ -2040,10 +2040,10 @@ static int matroska_parse_laces(MatroskaDemuxContext *matroska, uint8_t **buf,
int64_t snum; int64_t snum;
int r; int r;
r = matroska_ebmlnum_sint(matroska, data, size, &snum); r = matroska_ebmlnum_sint(matroska, data, size, &snum);
if (r < 0) { if (r < 0 || lace_size[n - 1] + snum > (uint64_t)INT_MAX) {
av_log(matroska->ctx, AV_LOG_INFO, av_log(matroska->ctx, AV_LOG_INFO,
"EBML block data error\n"); "EBML block data error\n");
res = r; res = r<0 ? r : AVERROR_INVALIDDATA;
break; break;
} }
data += r; data += r;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment