[Backport] avformat/oggparseogm: Check available data before reading global header

Fixes use of uninitialized data Found-by: Thomas Guilbert <tguilbert@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 170d864d2c508ca8111b1d108e1e964007dab712) Bug:700673, 700690, 701754 Change-Id: I650383a32008c11cb7958e136a982b768b69a7fd Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
author: Allan Sandfeld Jensen <allan.jensen@qt.io> 2017-06-13 13:13:42 +0200
committer: Alexandru Croitor <alexandru.croitor@qt.io> 2017-07-07 09:15:57 +0000
commit: cca1687647fe9a5ca828de6645c8994daca180a8 (patch)
tree: 43ebadb8bfbb2a5e9b4393b1426268b25c22037b
parent: 409d8a2c1c03144354c91edce0256412d2259be9 (diff)
download: qtwebengine-chromium-cca1687647fe9a5ca828de6645c8994daca180a8.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/chromium/third_party/ffmpeg/libavformat/oggparseogm.c b/chromium/third_party/ffmpeg/libavformat/oggparseogm.c
index d63c83b1c28..916d42c6b6d 100644
--- a/chromium/third_party/ffmpeg/libavformat/oggparseogm.c
+++ b/chromium/third_party/ffmpeg/libavformat/oggparseogm.c
@@ -106,6 +106,8 @@ ogm_header(AVFormatContext *s, int idx)
             if (size > 52) {
                 av_assert0(AV_INPUT_BUFFER_PADDING_SIZE <= 52);
                 size -= 52;
+                if (bytestream2_get_bytes_left(&p) < size)
+                    return AVERROR_INVALIDDATA;
                 ff_alloc_extradata(st->codec, size);
                 bytestream2_get_buffer(&p, st->codec->extradata, st->codec->extradata_size);
             }
author	Allan Sandfeld Jensen <allan.jensen@qt.io>	2017-06-13 13:13:42 +0200
committer	Alexandru Croitor <alexandru.croitor@qt.io>	2017-07-07 09:15:57 +0000
commit	cca1687647fe9a5ca828de6645c8994daca180a8 (patch)
tree	43ebadb8bfbb2a5e9b4393b1426268b25c22037b
parent	409d8a2c1c03144354c91edce0256412d2259be9 (diff)
download	qtwebengine-chromium-cca1687647fe9a5ca828de6645c8994daca180a8.tar.gz