oma: correctly mark and decrypt partial packets
authorLuca Barbato <lu_zero@gentoo.org>
Wed, 17 Apr 2013 19:19:23 +0000 (21:19 +0200)
committerLuca Barbato <lu_zero@gentoo.org>
Sat, 24 Aug 2013 14:11:29 +0000 (16:11 +0200)
Incomplete crypted files would lead to a read after buffer boundary
otherwise.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 2219e27b5b17d146e4ab71a3ed86dfc013fb7a93)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavformat/omadec.c

libavformat/omadec.c

index 07d8b2c..8548fb5 100644 (file)
@@ -393,6 +393,9 @@ static int oma_read_packet(AVFormatContext *s, AVPacket *pkt)
     int packet_size = s->streams[0]->codec->block_align;
     int ret = av_get_packet(s->pb, pkt, packet_size);
 
+    if (ret < packet_size)
+        pkt->flags |= AV_PKT_FLAG_CORRUPT;
+
     if (ret < 0)
         return ret;
     if (!ret)
@@ -401,8 +404,13 @@ static int oma_read_packet(AVFormatContext *s, AVPacket *pkt)
     pkt->stream_index = 0;
 
     if (oc->encrypted) {
-        /* previous unencrypted block saved in IV for the next packet (CBC mode) */
-        av_des_crypt(&oc->av_des, pkt->data, pkt->data, (packet_size >> 3), oc->iv, 1);
+        /* previous unencrypted block saved in IV for
+         * the next packet (CBC mode) */
+        if (ret == packet_size)
+            av_des_crypt(&oc->av_des, pkt->data, pkt->data,
+                         (packet_size >> 3), oc->iv, 1);
+        else
+            memset(oc->iv, 0, 8);
     }
 
     return ret;