Merge remote-tracking branch 'qatar/master'

[ffmpeg] / libavformat / omadec.c

diff --git a/libavformat/omadec.c b/libavformat/omadec.c
index 4777c13048adfabd3b33b42982f4d739fb9d89a6..1cd8fdf9d5d44b2348a8c367bd24a6bb8acf655c 100644 (file)
--- a/libavformat/omadec.c
+++ b/libavformat/omadec.c
@@ -219,6 +219,12 @@ static int decrypt_init(AVFormatContext *s, ID3v2ExtraMeta *em, uint8_t *header)
         av_log(s, AV_LOG_ERROR, "Invalid encryption header\n");
         return -1;
     }
+    if (   OMA_ENC_HEADER_SIZE + oc->k_size + oc->e_size + oc->i_size + 8 > geob->datasize
+        || OMA_ENC_HEADER_SIZE + 48 > geob->datasize
+    ) {
+        av_log(s, AV_LOG_ERROR, "Too little GEOB data\n");
+        return AVERROR_INVALIDDATA;
+    }
     oc->rid = AV_RB32(&gdata[OMA_ENC_HEADER_SIZE + 28]);
     av_log(s, AV_LOG_DEBUG, "RID: %.8x\n", oc->rid);