SMF: avoid a DOS if the SMF header is invalid

author Ludovic Fauvet <etix@videolan.org>

Mon, 2 Apr 2012 15:19:14 +0000 (17:19 +0200)

committer Jean-Baptiste Kempf <jb@videolan.org>

Mon, 2 Apr 2012 15:25:15 +0000 (17:25 +0200)
author Ludovic Fauvet <etix@videolan.org>
Mon, 2 Apr 2012 15:19:14 +0000 (17:19 +0200)
committer Jean-Baptiste Kempf <jb@videolan.org>
Mon, 2 Apr 2012 15:25:15 +0000 (17:25 +0200)
diff --git a/modules/demux/smf.c b/modules/demux/smf.c

index b688b5fef3d9b0eadbc6846368c08f9b81d8461d..0c3820c088f729abe82e6214aa0b500c142c0269 100644 (file)
--- a/modules/demux/smf.c
+++ b/modules/demux/smf.c
@@ -209,7 +209,13 @@ static int Open (vlc_object_t * p_this)
  
          for (;;)
          {
-            stream_Read (stream, head, 8);
+            if (stream_Read (stream, head, 8) < 8)
+            {
+                /* FIXME: don't give up if we have at least one valid track */
+                msg_Err (p_this, "incomplete SMF chunk, file is corrupted");
+                goto error;
+            }
+
              if (memcmp (head, "MTrk", 4) == 0)
                  break;
author	Ludovic Fauvet <etix@videolan.org>
	Mon, 2 Apr 2012 15:19:14 +0000 (17:19 +0200)
committer	Jean-Baptiste Kempf <jb@videolan.org>
	Mon, 2 Apr 2012 15:25:15 +0000 (17:25 +0200)