asfdec: fix assert failure on invalid files

Add an extra size validity check in asf_read_frame_header(). Without this asf->packet_size_left may become negative, which triggers an assertion failure later.

asfdec: fix assert failure on invalid files
Add an extra size validity check in asf_read_frame_header(). Without this asf->packet_size_left may become negative, which triggers an assertion failure later.
bcedf2e5 · Uoti Urpala · Michael Niedermayer · 10291562 · bcedf2e5
Commit bcedf2e5 authored Apr 24, 2011 by Uoti Urpala Committed by Michael Niedermayer May 12, 2011
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

asfdec.c libavformat/asfdec.c +4 -0

No files found.
--- a/libavformat/asfdec.c
+++ b/libavformat/asfdec.c
@@ -842,6 +842,10 @@ static int asf_read_frame_header(AVFormatContext *s, AVIOContext *pb){
        av_log(s, AV_LOG_ERROR, "unexpected packet_replic_size of %d\n", asf->packet_replic_size);
        return -1;
    }
+    if (rsize > asf->packet_size_left) {
+        av_log(s, AV_LOG_ERROR, "packet_replic_size is invalid\n");
+        return -1;
+    }
    if (asf->packet_flags & 0x01) {
        DO_2BITS(asf->packet_segsizetype >> 6, asf->packet_frag_size, 0); // 0 is illegal
        if(asf->packet_frag_size > asf->packet_size_left - rsize){