Do not try to parse empty strf tags.

[ffmpeg] / libavformat / avs.c

diff --git a/libavformat/avs.c b/libavformat/avs.c
index 89b2642c36b3eae729fbf99c897ea5411c183fde..ad5ac05988d3a925a9116fb2ebf4e4a6f29b28c2 100644 (file)
--- a/libavformat/avs.c
+++ b/libavformat/avs.c
@@ -163,10 +163,14 @@ static int avs_read_packet(AVFormatContext * s, AVPacket * pkt)
             sub_type = avio_r8(s->pb);
             type = avio_r8(s->pb);
             size = avio_rl16(s->pb);
+            if (size < 4)
+                return AVERROR_INVALIDDATA;
             avs->remaining_frame_size -= size;
 
             switch (type) {
             case AVS_PALETTE:
+                if (size - 4 > sizeof(palette))
+                    return AVERROR_INVALIDDATA;
                 ret = avio_read(s->pb, palette, size - 4);
                 if (ret < size - 4)
                     return AVERROR(EIO);