Check buffer is inside what is passed when probing for flac.
authorBenoit Fouet <benoit.fouet@free.fr>
Tue, 27 Jan 2009 18:00:40 +0000 (18:00 +0000)
committerBenoit Fouet <benoit.fouet@free.fr>
Tue, 27 Jan 2009 18:00:40 +0000 (18:00 +0000)
Originally committed as revision 16825 to svn://svn.ffmpeg.org/ffmpeg/trunk

libavformat/raw.c

index fc52fe7..6f2a8db 100644 (file)
@@ -586,11 +586,12 @@ static int eac3_probe(AVProbeData *p)
 static int flac_probe(AVProbeData *p)
 {
     uint8_t *bufptr = p->buf;
+    uint8_t *end    = p->buf + p->buf_size;
 
     if(ff_id3v2_match(bufptr))
         bufptr += ff_id3v2_tag_len(bufptr);
 
-    if(memcmp(bufptr, "fLaC", 4)) return 0;
+    if(bufptr > end-4 || memcmp(bufptr, "fLaC", 4)) return 0;
     else                          return AVPROBE_SCORE_MAX / 2;
 }
 #endif