matroskadec: Check EBML lace sizes.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

matroskadec: Check EBML lace sizes.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
3b93bea9 · Michael Niedermayer · 115c3bc4 · 3b93bea9
Commit 3b93bea9 authored Apr 04, 2013 by Michael Niedermayer
Show whitespace changes
Inline Side-by-side

Showing with 4 additions and 4 deletions

matroskadec.c libavformat/matroskadec.c +4 -4

No files found.
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -2027,10 +2027,10 @@ static int matroska_parse_laces(MatroskaDemuxContext *matroska, uint8_t **buf,
        uint64_t num;
        uint64_t total;
        n = matroska_ebmlnum_uint(matroska, data, size, &num);
-        if (n < 0) {
+        if (n < 0 || num > INT_MAX) {
            av_log(matroska->ctx, AV_LOG_INFO,
                   "EBML block data error\n");
-            res = n;
+            res = n<0 ? n : AVERROR_INVALIDDATA;
            break;
        }
        data += n;
@@ -2040,10 +2040,10 @@ static int matroska_parse_laces(MatroskaDemuxContext *matroska, uint8_t **buf,
            int64_t snum;
            int r;
            r = matroska_ebmlnum_sint(matroska, data, size, &snum);
-            if (r < 0) {
+            if (r < 0 || lace_size[n - 1] + snum > (uint64_t)INT_MAX) {
                av_log(matroska->ctx, AV_LOG_INFO,
                       "EBML block data error\n");
-                res = r;
+                res = r<0 ? r : AVERROR_INVALIDDATA;
                break;
            }
            data += r;