avformat/nsvdec: Do not parse multiple NSVf
authorMichael Niedermayer <michael@niedermayer.cc>
Thu, 16 Aug 2018 10:23:20 +0000 (12:23 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Sun, 18 Nov 2018 01:20:44 +0000 (02:20 +0100)
The specification states "NSV files may contain a single file header. "
Fixes: out of array access
Fixes: nsv-asan-002f473f726a0dcbd3bd53e422c4fc40b3cf3421

Found-by: Paul Ch <paulcher@icloud.com>
Tested-by: Paul Ch <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 78d4b6bd43fc266a2ee926f0555c8782246f9445)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavformat/nsvdec.c

index 16d2fa5..3e7d815 100644 (file)
@@ -177,6 +177,7 @@ typedef struct NSVContext {
     AVRational framerate;
     uint32_t *nsvs_timestamps;
     //DVDemuxContext* dv_demux;
+    int nsvf;
 } NSVContext;
 
 static const AVCodecTag nsv_codec_video_tags[] = {
@@ -280,6 +281,12 @@ static int nsv_parse_NSVf_header(AVFormatContext *s)
 
     nsv->state = NSV_UNSYNC; /* in case we fail */
 
+    if (nsv->nsvf) {
+        av_log(s, AV_LOG_TRACE, "Multiple NSVf\n");
+        return 0;
+    }
+    nsv->nsvf = 1;
+
     size = avio_rl32(pb);
     if (size < 28)
         return -1;