diff mbox series

[FFmpeg-devel,2/6] avcodec/movtextdec: Improve size check

Message ID AM7PR03MB6660A82C97AA3E24D3FF37DB8F6F9@AM7PR03MB6660.eurprd03.prod.outlook.com
State Accepted
Commit b9f5a26a39efc0e49e2296306efde572630b1796
Headers show
Series [FFmpeg-devel,1/6] avcodec/movtextdec: Switch to smaller type | expand

Checks

Context Check Description
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished
andriy/make_ppc success Make finished
andriy/make_fate_ppc success Make fate finished

Commit Message

Andreas Rheinhardt Dec. 8, 2021, 8:23 p.m. UTC
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
The error checks here are btw a bit inconsistent: Most errors only lead
to a break; in case of errors from parsing the boxes this just ends
the box-parsing for-loop, not the outer while loop (and is therefore
actually redundant, because for each type there is at most one 
corresponding Box entry for parsing). Yet this is different.

 libavcodec/movtextdec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/libavcodec/movtextdec.c b/libavcodec/movtextdec.c
index 8dd571d64c..5083308d58 100644
--- a/libavcodec/movtextdec.c
+++ b/libavcodec/movtextdec.c
@@ -537,8 +537,8 @@  static int mov_text_decode_frame(AVCodecContext *avctx,
                 m->size_var = 8;
             //size_var is equal to 8 or 16 depending on the size of box
 
-            if (tsmb_size == 0) {
-                av_log(avctx, AV_LOG_ERROR, "tsmb_size is 0\n");
+            if (tsmb_size < m->size_var) {
+                av_log(avctx, AV_LOG_ERROR, "tsmb_size invalid\n");
                 return AVERROR_INVALIDDATA;
             }