diff mbox series

[FFmpeg-devel] avformat/3dostr: Check remaining buffer in probe before 8 byte step

Message ID 20200918222636.31899-1-michael@niedermayer.cc
State Accepted
Commit 624f6df19f79f319faf19718c24a9471fa36f61c
Headers show
Series [FFmpeg-devel] avformat/3dostr: Check remaining buffer in probe before 8 byte step | expand

Checks

Context Check Description
andriy/default pending
andriy/make success Make finished
andriy/make_fate success Make fate finished

Commit Message

Michael Niedermayer Sept. 18, 2020, 10:26 p.m. UTC 
Fixes: segfault
Fixes: signal_sigabrt_7ffff6ae7cc9_7213_0d6457b9d6897fa7c78507fa5de53510.ts
Regression since: 3ac45bf66561a667260cac37223c0393f7333fca

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/3dostr.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

Comments

Michael Niedermayer Sept. 18, 2020, 11:15 p.m. UTC | #1 
On Sat, Sep 19, 2020 at 12:26:36AM +0200, Michael Niedermayer wrote:
> Fixes: segfault
> Fixes: signal_sigabrt_7ffff6ae7cc9_7213_0d6457b9d6897fa7c78507fa5de53510.ts
> Regression since: 3ac45bf66561a667260cac37223c0393f7333fca
> 
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/3dostr.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)

will apply due to approval on IRC:
<durandal_1707> michaelni: just apply 3dostr patch
<durandal_1707> and why probe buffer is not padded?
<michaelni> i assume it is padded

[...]
diff mbox series

Patch

diff --git a/libavformat/3dostr.c b/libavformat/3dostr.c
index 2d92b46570..2a35d661c3 100644
--- a/libavformat/3dostr.c
+++ b/libavformat/3dostr.c
@@ -29,10 +29,9 @@  static int threedostr_probe(const AVProbeData *p)
         unsigned chunk = AV_RL32(p->buf + i);
         unsigned size  = AV_RB32(p->buf + i + 4);
 
-        i += 8;
         if (size < 8 || p->buf_size - i < size)
             return 0;
-
+        i += 8;
         size -= 8;
         switch (chunk) {
         case MKTAG('C','T','R','L'):