Check for seek failures in avi_load_index, otherwise if the index offset

is invalid (e.g. truncated file) we might end up reading the whole file since trying to seek beyond the end of file does not set EOF. Originally committed as revision 19709 to svn://svn.ffmpeg.org/ffmpeg/trunk

Check for seek failures in avi_load_index, otherwise if the index offset
is invalid (e.g. truncated file) we might end up reading the whole file since trying to seek beyond the end of file does not set EOF. Originally committed as revision 19709 to svn://svn.ffmpeg.org/ffmpeg/trunk
44ed34b7 · Reimar Döffinger · d5a30f86 · 44ed34b7
Commit 44ed34b7 authored Aug 26, 2009 by Reimar Döffinger
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 4 deletions

avidec.c libavformat/avidec.c +7 -4

No files found.
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -1001,8 +1001,10 @@ static int avi_load_index(AVFormatContext *s)
    ByteIOContext *pb = s->pb;
    uint32_t tag, size;
    int64_t pos= url_ftell(pb);
+    int ret = -1;
-    url_fseek(pb, avi->movi_end, SEEK_SET);
+    if (url_fseek(pb, avi->movi_end, SEEK_SET) < 0)
+        goto the_end; // maybe truncated file
 #ifdef DEBUG_SEEK
    printf("movi_end=0x%"PRIx64"\n", avi->movi_end);
 #endif
@@ -1023,19 +1025,20 @@ static int avi_load_index(AVFormatContext *s)
        case MKTAG('i', 'd', 'x', '1'):
            if (avi_read_idx1(s, size) < 0)
                goto skip;
-            else
+            ret = 0;
                goto the_end;
            break;
        default:
        skip:
            size += (size & 1);
-            url_fskip(pb, size);
+            if (url_fseek(pb, size, SEEK_CUR) < 0)
+                goto the_end; // something is wrong here
            break;
        }
    }
 the_end:
    url_fseek(pb, pos, SEEK_SET);
-    return 0;
+    return ret;
 }
 static int avi_read_seek(AVFormatContext *s, int stream_index, int64_t timestamp, int flags)