Message ID | 20240711233417.1896879-1-michael@niedermayer.cc |
---|---|
State | New |
Headers | show |
Series | [FFmpeg-devel,01/22] avformat/asfdec_o: Check size of index object | expand |
Context | Check | Description |
---|---|---|
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
On Fri, Jul 12, 2024 at 01:33:55AM +0200, Michael Niedermayer wrote: > We subtract 24 so it must be at least 24 > > Fixes: CID1604482 Overflowed constant > > Sponsored-by: Sovereign Tech Fund > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/asfdec_o.c | 3 +++ > 1 file changed, 3 insertions(+) will apply patchset (except 5 which was dropped) [...]
diff --git a/libavformat/asfdec_o.c b/libavformat/asfdec_o.c index dfe448e9f7e..dd187e600d0 100644 --- a/libavformat/asfdec_o.c +++ b/libavformat/asfdec_o.c @@ -867,6 +867,9 @@ static int asf_read_simple_index(AVFormatContext *s, const GUIDParseTable *g) int64_t offset; uint64_t size = avio_rl64(pb); + if (size < 24) + return AVERROR_INVALIDDATA; + // simple index objects should be ordered by stream number, this loop tries to find // the first not indexed video stream for (i = 0; i < asf->nb_streams; i++) {
We subtract 24 so it must be at least 24 Fixes: CID1604482 Overflowed constant Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/asfdec_o.c | 3 +++ 1 file changed, 3 insertions(+)