X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavformat%2Felectronicarts.c;h=7c0d6a2e37c3070a34d2a10fb06f76174b6af11c;hb=626535f6a169e2d821b969e0ea77125ba7482113;hp=6976a133c3f6a31cfbdfc4039871df1f4bdf6aa9;hpb=39a98623edbbdcf9d9b76e9d7aff3ce086ebfbfe;p=ffmpeg diff --git a/libavformat/electronicarts.c b/libavformat/electronicarts.c index 6976a133c3f..7c0d6a2e37c 100644 --- a/libavformat/electronicarts.c +++ b/libavformat/electronicarts.c @@ -561,14 +561,14 @@ static int ea_read_header(AVFormatContext *s) st->codecpar->bits_per_coded_sample; ea->audio_stream_index = st->index; st->start_time = 0; - return 1; + return 0; } no_audio: ea->audio_codec = AV_CODEC_ID_NONE; if (!ea->video.codec) return AVERROR_INVALIDDATA; - return 1; + return 0; } static int ea_read_packet(AVFormatContext *s, AVPacket *pkt) @@ -582,6 +582,8 @@ static int ea_read_packet(AVFormatContext *s, AVPacket *pkt) int av_uninit(num_samples); while ((!packet_read && !hit_end) || partial_packet) { + if (avio_feof(pb)) + return AVERROR_EOF; chunk_type = avio_rl32(pb); chunk_size = ea->big_endian ? avio_rb32(pb) : avio_rl32(pb); if (chunk_size < 8) @@ -605,10 +607,14 @@ static int ea_read_packet(AVFormatContext *s, AVPacket *pkt) break; } else if (ea->audio_codec == AV_CODEC_ID_PCM_S16LE_PLANAR || ea->audio_codec == AV_CODEC_ID_MP3) { + if (chunk_size < 12) + return AVERROR_INVALIDDATA; num_samples = avio_rl32(pb); avio_skip(pb, 8); chunk_size -= 12; } else if (ea->audio_codec == AV_CODEC_ID_ADPCM_PSX) { + if (chunk_size < 8) + return AVERROR_INVALIDDATA; avio_skip(pb, 8); chunk_size -= 8; } @@ -691,6 +697,8 @@ static int ea_read_packet(AVFormatContext *s, AVPacket *pkt) case fVGT_TAG: case MADm_TAG: case MADe_TAG: + if (chunk_size > INT_MAX - 8) + return AVERROR_INVALIDDATA; avio_seek(pb, -8, SEEK_CUR); // include chunk preamble chunk_size += 8; goto get_video_packet; @@ -720,6 +728,7 @@ get_video_packet: ret = av_get_packet(pb, pkt, chunk_size); if (ret < 0) { packet_read = 1; + partial_packet = 0; break; } partial_packet = chunk_type == MVIh_TAG;