Chiebot-Mirror
/
FFmpeg
mirror of https://github.com/FFmpeg/FFmpeg.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

avformat/rtmppkt: Simplify and deobfuscate amf_tag_skip() slightly

Browse Source 
Found while reviewing: CID1530313 Untrusted loop bound

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
release/7.1
Michael Niedermayer 7 months ago
parent 665be4fa2f
commit cedbef0394
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64
1 changed files with 2 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      libavformat/rtmppkt.c

6
libavformat/rtmppkt.c
Unescape View File

@ -440,7 +440,6 @@ static int amf_tag_skip(GetByteContext *gb)
{ {
AMFDataType type; AMFDataType type;
unsigned nb = -1; unsigned nb = -1;
int parse_key = 1;
if (bytestream2_get_bytes_left(gb) < 1) if (bytestream2_get_bytes_left(gb) < 1)
return -1; return -1;
@ -465,13 +464,12 @@ static int amf_tag_skip(GetByteContext *gb)
bytestream2_skip(gb, 10); bytestream2_skip(gb, 10);
return 0; return 0;
case AMF_DATA_TYPE_ARRAY: case AMF_DATA_TYPE_ARRAY:
parse_key = 0;
case AMF_DATA_TYPE_MIXEDARRAY: case AMF_DATA_TYPE_MIXEDARRAY:
nb = bytestream2_get_be32(gb); nb = bytestream2_get_be32(gb);
case AMF_DATA_TYPE_OBJECT: case AMF_DATA_TYPE_OBJECT:
while (nb-- > 0 || type != AMF_DATA_TYPE_ARRAY) { while (type != AMF_DATA_TYPE_ARRAY || nb-- > 0) {
int t; int t;
if (parse_key) { if (type != AMF_DATA_TYPE_ARRAY) {
int size = bytestream2_get_be16(gb); int size = bytestream2_get_be16(gb);
if (!size) { if (!size) {
bytestream2_get_byte(gb); bytestream2_get_byte(gb);

Write Preview
Loading…
Cancel
Save