X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavformat%2Fapetag.c;h=bf9918a0b383c725571d01d4613cdf8b427ac518;hb=d0bf3bf1ffaf810d8e0737847666a9b86ea5929f;hp=6f6a61b0eaf9e9eeb6af9c958b8485a632d4e853;hpb=7c26761b8121ed362870b2e0eb06b85431bdd7a2;p=ffmpeg

diff --git a/libavformat/apetag.c b/libavformat/apetag.c
index 6f6a61b0eaf..bf9918a0b38 100644
--- a/libavformat/apetag.c
+++ b/libavformat/apetag.c
@@ -55,7 +55,7 @@ static int ape_tag_read_field(AVFormatContext *s)
         return -1;
     if (flags & APE_TAG_FLAG_IS_BINARY) {
         uint8_t filename[1024];
-        enum CodecID id;
+        enum AVCodecID id;
         AVStream *st = avformat_new_stream(s, NULL);
         if (!st)
             return AVERROR(ENOMEM);
@@ -68,7 +68,7 @@ static int ape_tag_read_field(AVFormatContext *s)
 
         av_dict_set(&st->metadata, key, filename, 0);
 
-        if ((id = ff_guess_image2_codec(filename)) != CODEC_ID_NONE) {
+        if ((id = ff_guess_image2_codec(filename)) != AV_CODEC_ID_NONE) {
             AVPacket pkt;
             int ret;
 
@@ -111,50 +111,59 @@ static int ape_tag_read_field(AVFormatContext *s)
     return 0;
 }
 
-void ff_ape_parse_tag(AVFormatContext *s)
+int64_t ff_ape_parse_tag(AVFormatContext *s)
 {
     AVIOContext *pb = s->pb;
     int file_size = avio_size(pb);
     uint32_t val, fields, tag_bytes;
     uint8_t buf[8];
+    int64_t tag_start;
     int i;
 
     if (file_size < APE_TAG_FOOTER_BYTES)
-        return;
+        return 0;
 
     avio_seek(pb, file_size - APE_TAG_FOOTER_BYTES, SEEK_SET);
 
     avio_read(pb, buf, 8);     /* APETAGEX */
     if (strncmp(buf, APE_TAG_PREAMBLE, 8)) {
-        return;
+        return 0;
     }
 
     val = avio_rl32(pb);       /* APE tag version */
     if (val > APE_TAG_VERSION) {
         av_log(s, AV_LOG_ERROR, "Unsupported tag version. (>=%d)\n", APE_TAG_VERSION);
-        return;
+        return 0;
     }
 
     tag_bytes = avio_rl32(pb); /* tag size */
     if (tag_bytes - APE_TAG_FOOTER_BYTES > (1024 * 1024 * 16)) {
         av_log(s, AV_LOG_ERROR, "Tag size is way too big\n");
-        return;
+        return 0;
+    }
+
+    tag_start = file_size - tag_bytes - APE_TAG_FOOTER_BYTES;
+    if (tag_start < 0) {
+        av_log(s, AV_LOG_ERROR, "Invalid tag size %u.\n", tag_bytes);
+        return 0;
     }
 
     fields = avio_rl32(pb);    /* number of fields */
     if (fields > 65536) {
         av_log(s, AV_LOG_ERROR, "Too many tag fields (%d)\n", fields);
-        return;
+        return 0;
     }
 
     val = avio_rl32(pb);       /* flags */
     if (val & APE_TAG_FLAG_IS_HEADER) {
         av_log(s, AV_LOG_ERROR, "APE Tag is a header\n");
-        return;
+        return 0;
     }
 
     avio_seek(pb, file_size - tag_bytes, SEEK_SET);
 
     for (i=0; i<fields; i++)
         if (ape_tag_read_field(s) < 0) break;
+
+    return tag_start;
 }