Commit e4d1621c authored by Andreas Cadhalpun's avatar Andreas Cadhalpun Committed by Luca Barbato

asfdec: check avio_skip in asf_read_simple_index

The loop can be very long, even though the file is very short.
Signed-off-by: 's avatarAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: 's avatarAlexandra Hájková <alexandra@khirnov.net>
Signed-off-by: 's avatarLuca Barbato <lu_zero@gentoo.org>
parent a32dbf2a
...@@ -970,7 +970,7 @@ static int asf_read_simple_index(AVFormatContext *s, const GUIDParseTable *g) ...@@ -970,7 +970,7 @@ static int asf_read_simple_index(AVFormatContext *s, const GUIDParseTable *g)
uint64_t interval; // index entry time interval in 100 ns units, usually it's 1s uint64_t interval; // index entry time interval in 100 ns units, usually it's 1s
uint32_t pkt_num, nb_entries; uint32_t pkt_num, nb_entries;
int32_t prev_pkt_num = -1; int32_t prev_pkt_num = -1;
int i; int i, ret;
uint64_t size = avio_rl64(pb); uint64_t size = avio_rl64(pb);
// simple index objects should be ordered by stream number, this loop tries to find // simple index objects should be ordered by stream number, this loop tries to find
...@@ -992,7 +992,11 @@ static int asf_read_simple_index(AVFormatContext *s, const GUIDParseTable *g) ...@@ -992,7 +992,11 @@ static int asf_read_simple_index(AVFormatContext *s, const GUIDParseTable *g)
nb_entries = avio_rl32(pb); nb_entries = avio_rl32(pb);
for (i = 0; i < nb_entries; i++) { for (i = 0; i < nb_entries; i++) {
pkt_num = avio_rl32(pb); pkt_num = avio_rl32(pb);
avio_skip(pb, 2); ret = avio_skip(pb, 2);
if (ret < 0) {
av_log(s, AV_LOG_ERROR, "Skipping failed in asf_read_simple_index.\n");
return ret;
}
if (prev_pkt_num != pkt_num) { if (prev_pkt_num != pkt_num) {
av_add_index_entry(st, asf->first_packet_offset + asf->packet_size * av_add_index_entry(st, asf->first_packet_offset + asf->packet_size *
pkt_num, av_rescale(interval, i, 10000), pkt_num, av_rescale(interval, i, 10000),
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment