diff mbox

[FFmpeg-devel] avformat/nsvdec: Do not parse multiple NSVf

Message ID 20180817193245.950-1-michael@niedermayer.cc
State Accepted
Commit 78d4b6bd43fc266a2ee926f0555c8782246f9445
Headers show

Commit Message

Michael Niedermayer Aug. 17, 2018, 7:32 p.m. UTC 
The specification states "NSV files may contain a single file header. "
Fixes: out of array access
Fixes: nsv-asan-002f473f726a0dcbd3bd53e422c4fc40b3cf3421

Found-by: Paul Ch <paulcher@icloud.com>
Tested-by: Paul Ch <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/nsvdec.c | 7 +++++++
 1 file changed, 7 insertions(+)

Comments

Michael Niedermayer Aug. 19, 2018, 10:43 p.m. UTC | #1 
On Fri, Aug 17, 2018 at 09:32:45PM +0200, Michael Niedermayer wrote:
> The specification states "NSV files may contain a single file header. "
> Fixes: out of array access
> Fixes: nsv-asan-002f473f726a0dcbd3bd53e422c4fc40b3cf3421
> 
> Found-by: Paul Ch <paulcher@icloud.com>
> Tested-by: Paul Ch <paulcher@icloud.com>
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/nsvdec.c | 7 +++++++
>  1 file changed, 7 insertions(+)

will apply

[...]
diff mbox

Patch

diff --git a/libavformat/nsvdec.c b/libavformat/nsvdec.c
index d8ce656817..92f7d178f6 100644
--- a/libavformat/nsvdec.c
+++ b/libavformat/nsvdec.c
@@ -176,6 +176,7 @@  typedef struct NSVContext {
     int16_t avsync;
     AVRational framerate;
     uint32_t *nsvs_timestamps;
+    int nsvf;
 } NSVContext;
 
 static const AVCodecTag nsv_codec_video_tags[] = {
@@ -266,6 +267,12 @@  static int nsv_parse_NSVf_header(AVFormatContext *s)
 
     nsv->state = NSV_UNSYNC; /* in case we fail */
 
+    if (nsv->nsvf) {
+        av_log(s, AV_LOG_TRACE, "Multiple NSVf\n");
+        return 0;
+    }
+    nsv->nsvf = 1;
+
     size = avio_rl32(pb);
     if (size < 28)
         return -1;