Skip to content

F
ffmpeg.wasm-core
Commit 81c1657a authored by Michael Niedermayer's avatar Michael Niedermayer
Browse files
Options

avcodec/dvdsub_parser: Check buf_size before reading 32bit packet size 

Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent cfdb30d2
Hide whitespace changes
Inline Side-by-side
Showing with 2 additions and 1 deletion
libavcodec/dvdsub_parser.c
View file @ 81c1657a
...@@ -45,8 +45,9 @@ static int dvdsub_parse(AVCodecParserContext *s, ...@@ -45,8 +45,9 @@ static int dvdsub_parse(AVCodecParserContext *s,
DVDSubParseContext *pc = s->priv_data; DVDSubParseContext *pc = s->priv_data;
if (pc->packet_index == 0) { if (pc->packet_index == 0) {
if (buf_size < 2) if (buf_size < 2 || AV_RB16(buf) && buf_size < 6) {
return buf_size; return buf_size;
}
pc->packet_len = AV_RB16(buf); pc->packet_len = AV_RB16(buf);
if (pc->packet_len == 0) /* HD-DVD subpicture packet */ if (pc->packet_len == 0) /* HD-DVD subpicture packet */
pc->packet_len = AV_RB32(buf+2); pc->packet_len = AV_RB32(buf+2);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment