From 628236e0c0d68aba4803d324c42d64c4814dbfa1 Mon Sep 17 00:00:00 2001 From: reimar Date: Sun, 10 Jul 2005 09:05:14 +0000 Subject: Add missing range/length check for video trak desc (fixes bug #335). git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@15950 b3059339-0415-0410-9bf9-f77b7e298cf2 --- libmpdemux/demux_mov.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/libmpdemux/demux_mov.c b/libmpdemux/demux_mov.c index 7b92bf05ae..ef75aafe93 100644 --- a/libmpdemux/demux_mov.c +++ b/libmpdemux/demux_mov.c @@ -801,9 +801,16 @@ static void lschunks(demuxer_t* demuxer,int level,off_t endpos,mov_track_t* trak int hdr_ptr = 76; // the byte just after depth unsigned char *palette_map; sh_video_t* sh=new_sh_video(demuxer,priv->track_db); - int depth = trak->stdata[75]|(trak->stdata[74]<<8); + int depth; sh->format=trak->fourcc; + if (trak->stdata_len < 78) { + mp_msg(MSGT_DEMUXER, MSGL_WARN, + "MOV: Invalid (%d bytes instead of >= 78) video trak desc\n", + trak->stdata_len); + break; + } + depth = trak->stdata[75] | (trak->stdata[74] << 8); // stdata[]: // 8 short version // 10 short revision -- cgit v1.2.3