stop parsing if tag size is wrongly < 8 to avoid infinite loop

Originally committed as revision 15401 to svn://svn.ffmpeg.org/ffmpeg/trunk

stop parsing if tag size is wrongly < 8 to avoid infinite loop
Originally committed as revision 15401 to svn://svn.ffmpeg.org/ffmpeg/trunk
4e240985 · Baptiste Coudurier · f2d65a6c · 4e240985
Commit 4e240985 authored Sep 24, 2008 by Baptiste Coudurier
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

mov.c libavformat/mov.c +1 -1

No files found.
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1379,7 +1379,7 @@ static int mov_read_udta(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
        uint32_t tag      = get_le32(pb);
        uint64_t next     = url_ftell(pb) + tag_size - 8;
-        if (next > end) // stop if tag_size is wrong
+        if (tag_size < 8 || next > end) // stop if tag_size is wrong
            break;
        switch (tag) {