X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavformat%2Foggparseogm.c;h=a07453760b710be903313e7952a72a2773a8c943;hb=98e18910a3f19a1139654b2d14d0f3b2b3625cd1;hp=e7a501b5a71e2ada0c82e7145146ba1c4f0516d6;hpb=4251e25272d6a51433805956ea26425d7ccd74cb;p=ffmpeg

diff --git a/libavformat/oggparseogm.c b/libavformat/oggparseogm.c
index e7a501b5a71..a07453760b7 100644
--- a/libavformat/oggparseogm.c
+++ b/libavformat/oggparseogm.c
@@ -24,7 +24,6 @@
 
 #include <stdlib.h>
 
-#include "libavutil/avassert.h"
 #include "libavutil/intreadwrite.h"
 
 #include "libavcodec/bytestream.h"
@@ -106,10 +105,10 @@ ogm_header(AVFormatContext *s, int idx)
                 size -= 4;
             }
             if (size > 52) {
-                av_assert0(AV_INPUT_BUFFER_PADDING_SIZE <= 52);
                 size -= 52;
                 if (bytestream2_get_bytes_left(&p) < size)
                     return AVERROR_INVALIDDATA;
+                av_freep(&st->codecpar->extradata);
                 if (ff_alloc_extradata(st->codecpar, size) < 0)
                     return AVERROR(ENOMEM);
                 bytestream2_get_buffer(&p, st->codecpar->extradata, st->codecpar->extradata_size);
@@ -177,11 +176,14 @@ ogm_packet(AVFormatContext *s, int idx)
         os->pflags |= AV_PKT_FLAG_KEY;
 
     lb = ((*p & 2) << 1) | ((*p >> 6) & 3);
+    if (os->psize < lb + 1)
+        return AVERROR_INVALIDDATA;
+
     os->pstart += lb + 1;
     os->psize -= lb + 1;
 
     while (lb--)
-        os->pduration += p[lb+1] << (lb*8);
+        os->pduration += (uint64_t)p[lb+1] << (lb*8);
 
     return 0;
 }