avi: Validate sample_size
authorAndreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Wed, 6 May 2015 00:26:57 +0000 (02:26 +0200)
committerAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Thu, 14 May 2015 17:13:13 +0000 (19:13 +0200)
And either error out or set it to 0 if it is negative.

CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 4d0ee4962be7e07cdc038a78008ef2e4e47e5f81)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Conflicts:
libavformat/avidec.c

libavformat/avidec.c

index fbfd913..9bb3920 100644 (file)
@@ -692,6 +692,23 @@ static int avi_read_header(AVFormatContext *s)
             default:
                 av_log(s, AV_LOG_INFO, "unknown stream type %X\n", tag1);
             }
+
+            if (ast->sample_size < 0) {
+                if (s->error_recognition & AV_EF_EXPLODE) {
+                    av_log(s, AV_LOG_ERROR,
+                           "Invalid sample_size %d at stream %d\n",
+                           ast->sample_size,
+                           stream_index);
+                    goto fail;
+                }
+                av_log(s, AV_LOG_WARNING,
+                       "Invalid sample_size %d at stream %d "
+                       "setting it to 0\n",
+                       ast->sample_size,
+                       stream_index);
+                ast->sample_size = 0;
+            }
+
             if (ast->sample_size == 0) {
                 st->duration = st->nb_frames;
                 if (st->duration > 0 && avi->io_fsize > 0 && avi->riff_end > avi->io_fsize) {