From 1030993db212667d64cd0234c2ef1fccd30f0c1f Mon Sep 17 00:00:00 2001 From: Andreas Rheinhardt Date: Mon, 18 May 2020 03:17:50 +0200 Subject: [PATCH] avformat/webmdashenc: Be more strict when parsing stream indices The syntax of the adaptation_sets string by which the user determines the mapping of AVStreams to adaptation sets is "id=x,streams=a,b,c id=y,streams=d,e" (means: the streams with the indices a, b and c belong to the adaptation set with id x). Yet there was no check for whether these indices were actual numbers and if there is a number whether it really extends to the next ',', ' ' or to the end of the string or not. This commit adds a check for this. Signed-off-by: Andreas Rheinhardt --- libavformat/webmdashenc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libavformat/webmdashenc.c b/libavformat/webmdashenc.c index 05015a08c1..250c8ca3ad 100644 --- a/libavformat/webmdashenc.c +++ b/libavformat/webmdashenc.c @@ -465,18 +465,18 @@ static int parse_adaptation_sets(AVFormatContext *s) state = parsing_streams; } else if (state == parsing_streams) { struct AdaptationSet *as = &w->as[w->nb_as - 1]; + int64_t num; int ret = av_reallocp_array(&as->streams, ++as->nb_streams, sizeof(*as->streams)); if (ret < 0) return ret; - q = p; - while (*q != '\0' && *q != ',' && *q != ' ') q++; - as->streams[as->nb_streams - 1] = strtoll(p, NULL, 10); - if (as->streams[as->nb_streams - 1] < 0 || - as->streams[as->nb_streams - 1] >= s->nb_streams) { + num = strtoll(p, &q, 10); + if (!av_isdigit(*p) || (*q != ' ' && *q != '\0' && *q != ',') || + num < 0 || num >= s->nb_streams) { av_log(s, AV_LOG_ERROR, "Invalid value for 'streams' in adapation_sets.\n"); return AVERROR(EINVAL); } + as->streams[as->nb_streams - 1] = num; if (*q == '\0') break; if (*q == ' ') state = new_set; p = ++q;