avcodec/utils: add some saftey checks to add_metadata_from_side_data()
authorMichael Niedermayer <michaelni@gmx.at>
Sat, 19 Oct 2013 15:52:47 +0000 (17:52 +0200)
committerMichael Niedermayer <michaelni@gmx.at>
Wed, 15 Jan 2014 23:35:12 +0000 (00:35 +0100)
This fixes potential overreads with crafted files.

Found-by: wm4
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 838f461b0716393a1b5c70efd03de1e8bc197380)

Conflicts:

libavcodec/utils.c

libavcodec/utils.c

index 2fd61e6..969fe0c 100644 (file)
@@ -1647,10 +1647,17 @@ static int add_metadata_from_side_data(AVCodecContext *avctx, AVFrame *frame)
     if (!side_metadata)
         goto end;
     end = side_metadata + size;
+    if (size && end[-1])
+        return AVERROR_INVALIDDATA;
     while (side_metadata < end) {
         const uint8_t *key = side_metadata;
         const uint8_t *val = side_metadata + strlen(key) + 1;
-        int ret = av_dict_set(ff_frame_get_metadatap(frame), key, val, 0);
+        int ret;
+
+        if (val >= end)
+            return AVERROR_INVALIDDATA;
+
+        ret = av_dict_set(ff_frame_get_metadatap(frame), key, val, 0);
         if (ret < 0)
             break;
         side_metadata = val + strlen(val) + 1;
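Review bot: In the loop body, `ret` is still declared inside the `while` block, so when `av_dict_set()` fails and the code takes `break`, that value is out of scope after the loop and cannot be what the function returns, whereas the two new checks return `AVERROR_INVALIDDATA` directly. The tail of add_metadata_from_side_data() is outside this hunk, so this needs confirming, but if it returns an outer `ret`, the inner declaration shadows it and an allocation failure would presumably be reported as success with only part of the metadata attached. Replacing `break;` with `return ret;` would make all three failure paths behave the same. The `end[-1]` test also deserves a comment, e.g. `/* require a trailing NUL so every strlen() below stops before end */`, since it is the invariant that bounds both strlen() calls.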