From b086d4ff9cf6b3b8bde74aefdc1c0589f98943db Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 15 Jan 2007 23:47:53 +0000 Subject: [PATCH] fix segfault with http://sam.zoy.org/zzuf/lol-ffplay.wmv Originally committed as revision 7539 to svn://svn.ffmpeg.org/ffmpeg/trunk --- libavformat/asf.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/asf.c b/libavformat/asf.c index 0ec73314ef..df4de7c521 100644 --- a/libavformat/asf.c +++ b/libavformat/asf.c @@ -601,6 +601,10 @@ static int asf_read_packet(AVFormatContext *s, AVPacket *pkt) assert(asf->packet_replic_size >= 8); // it should be always at least 8 bytes - FIXME validate asf->packet_obj_size = get_le32(pb); + if(asf->packet_obj_size >= (1<<24) || asf->packet_obj_size <= 0){ + av_log(s, AV_LOG_ERROR, "packet_obj_size invalid\n"); + continue; + } asf->packet_frag_timestamp = get_le32(pb); // timestamp if (asf->packet_replic_size > 8) url_fskip(pb, asf->packet_replic_size - 8);