avformat/oggparseogm: Check available data before reading global header
authorMichael Niedermayer <michael@niedermayer.cc>
Tue, 11 Apr 2017 13:06:21 +0000 (15:06 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Sun, 14 May 2017 10:20:15 +0000 (12:20 +0200)
Fixes use of uninitialized data

Found-by: Thomas Guilbert <tguilbert@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 170d864d2c508ca8111b1d108e1e964007dab712)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavformat/oggparseogm.c

index f8e656d..cdbdfd6 100644 (file)
@@ -108,6 +108,8 @@ ogm_header(AVFormatContext *s, int idx)
             if (size > 52) {
                 av_assert0(AV_INPUT_BUFFER_PADDING_SIZE <= 52);
                 size -= 52;
+                if (bytestream2_get_bytes_left(&p) < size)
+                    return AVERROR_INVALIDDATA;
                 ff_alloc_extradata(st->codecpar, size);
                 bytestream2_get_buffer(&p, st->codecpar->extradata, st->codecpar->extradata_size);
             }