cafdec: fix parsing of chunks which may have unused data

Specification mentions 'strg', 'mark', 'regn', 'info', .. chunks to have data section size larger than chunk's current meaningful content in order to reserve room for additional data. Signed-off-by: Paul B Mahol <onemda@gmail.com>

cafdec: fix parsing of chunks which may have unused data
Specification mentions 'strg', 'mark', 'regn', 'info', .. chunks to have data section size larger than chunk's current meaningful content in order to reserve room for additional data. Signed-off-by: Paul B Mahol <onemda@gmail.com>
c2e2b302 · Paul B Mahol · 3d6a246b · c2e2b302
Commit c2e2b302 authored Oct 26, 2012 by Paul B Mahol
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 2 deletions

cafdec.c libavformat/cafdec.c +8 -2

No files found.
--- a/libavformat/cafdec.c
+++ b/libavformat/cafdec.c
@@ -225,7 +225,7 @@ static int read_header(AVFormatContext *s)
    AVStream *st;
    uint32_t tag = 0;
    int found_data, ret;
-    int64_t size;
+    int64_t size, pos;

    avio_skip(pb, 8); /* magic, version, file flags */

@@ -254,6 +254,7 @@ static int read_header(AVFormatContext *s)

        tag  = avio_rb32(pb);
        size = avio_rb64(pb);
+        pos  = avio_tell(pb);
        if (url_feof(pb))
            break;

@@ -296,9 +297,14 @@ static int read_header(AVFormatContext *s)
        case MKBETAG('f','r','e','e'):
            if (size < 0)
                return AVERROR_INVALIDDATA;
-            avio_skip(pb, size);
            break;
        }
+
+        if (size > 0) {
+            if (pos + size < pos)
+                return AVERROR_INVALIDDATA;
+            avio_skip(pb, FFMAX(0, pos + size - avio_tell(pb)));
+        }
    }

    if (!found_data)