Message ID | 20171129014303.3716-1-jamrial@gmail.com |
---|---|
State | New |
Headers | show |
On Tue, Nov 28, 2017 at 22:42:59 -0300, James Almer wrote: > Subject: avformat/avc: return an error in ff_isom_write_avcc if the buffer lenght is too small ^ length > - if (len > 6) { > + if (len < 6) > + return AVERROR_INVALIDDATA; This changes behavior for len == 6, right? Does it matter? Moritz
On 11/29/2017 11:09 AM, Moritz Barsnick wrote: > On Tue, Nov 28, 2017 at 22:42:59 -0300, James Almer wrote: >> Subject: avformat/avc: return an error in ff_isom_write_avcc if the buffer lenght is too small > ^ length > >> - if (len > 6) { >> + if (len < 6) >> + return AVERROR_INVALIDDATA; > > This changes behavior for len == 6, right? Yes. Wasn't my intention to, so fixed locally.
diff --git a/libavformat/avc.c b/libavformat/avc.c index 094a95821f..7b32590778 100644 --- a/libavformat/avc.c +++ b/libavformat/avc.c @@ -105,7 +105,9 @@ int ff_avc_parse_nal_units_buf(const uint8_t *buf_in, uint8_t **buf, int *size) int ff_isom_write_avcc(AVIOContext *pb, const uint8_t *data, int len) { - if (len > 6) { + if (len < 6) + return AVERROR_INVALIDDATA; + /* check for H.264 start code */ if (AV_RB32(data) == 0x00000001 || AV_RB24(data) == 0x000001) { @@ -157,7 +159,6 @@ int ff_isom_write_avcc(AVIOContext *pb, const uint8_t *data, int len) } else { avio_write(pb, data, len); } - } return 0; }
Signed-off-by: James Almer <jamrial@gmail.com> --- libavformat/avc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)