Commit 838f461b authored by Michael Niedermayer's avatar Michael Niedermayer

avcodec/utils: add some saftey checks to add_metadata_from_side_data()

This fixes potential overreads with crafted files.

Found-by: wm4
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent 240fd8c9
...@@ -1952,10 +1952,17 @@ static int add_metadata_from_side_data(AVCodecContext *avctx, AVFrame *frame) ...@@ -1952,10 +1952,17 @@ static int add_metadata_from_side_data(AVCodecContext *avctx, AVFrame *frame)
if (!side_metadata) if (!side_metadata)
goto end; goto end;
end = side_metadata + size; end = side_metadata + size;
if (size && end[-1])
return AVERROR_INVALIDDATA;
while (side_metadata < end) { while (side_metadata < end) {
const uint8_t *key = side_metadata; const uint8_t *key = side_metadata;
const uint8_t *val = side_metadata + strlen(key) + 1; const uint8_t *val = side_metadata + strlen(key) + 1;
int ret = av_dict_set(avpriv_frame_get_metadatap(frame), key, val, 0); int ret;
if (val >= end)
return AVERROR_INVALIDDATA;
ret = av_dict_set(avpriv_frame_get_metadatap(frame), key, val, 0);
if (ret < 0) if (ret < 0)
break; break;
side_metadata = val + strlen(val) + 1; side_metadata = val + strlen(val) + 1;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment