author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2017-06-13 13:13:42 +0200 |
---|---|---|
committer | Alexandru Croitor <alexandru.croitor@qt.io> | 2017-07-07 09:15:57 +0000 |
commit | cca1687647fe9a5ca828de6645c8994daca180a8 (patch) | |
tree | 43ebadb8bfbb2a5e9b4393b1426268b25c22037b | |
parent | 409d8a2c1c03144354c91edce0256412d2259be9 (diff) | |
download | qtwebengine-chromium-cca1687647fe9a5ca828de6645c8994daca180a8.tar.gz |
[Backport] avformat/oggparseogm: Check available data before reading global header
Fixes use of uninitialized data
Found-by: Thomas Guilbert <tguilbert@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 170d864d2c508ca8111b1d108e1e964007dab712)
Bug:700673, 700690, 701754
Change-Id: I650383a32008c11cb7958e136a982b768b69a7fd
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r-- | chromium/third_party/ffmpeg/libavformat/oggparseogm.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/chromium/third_party/ffmpeg/libavformat/oggparseogm.c b/chromium/third_party/ffmpeg/libavformat/oggparseogm.c
index d63c83b1c28..916d42c6b6d 100644
--- a/chromium/third_party/ffmpeg/libavformat/oggparseogm.c
+++ b/chromium/third_party/ffmpeg/libavformat/oggparseogm.c
@@ -106,6 +106,8 @@ ogm_header(AVFormatContext *s, int idx)
 if (size > 52) {
 av_assert0(AV_INPUT_BUFFER_PADDING_SIZE <= 52);
 size -= 52;
+ if (bytestream2_get_bytes_left(&p) < size)
+ return AVERROR_INVALIDDATA;
 ff_alloc_extradata(st->codec, size);
 bytestream2_get_buffer(&p, st->codec->extradata, st->codec->extradata_size);
 } |
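Review bot: The result of `ff_alloc_extradata(st->codec, size)`, on the line right after the new length check, is still ignored, so an allocation failure falls through to `bytestream2_get_buffer` with whatever the helper leaves in `extradata` and `extradata_size`. The helper's failure behaviour is not visible on this page, so the copy is only safe if it resets the size to zero; checking explicitly removes that dependency: `if (ff_alloc_extradata(st->codec, size) < 0) return AVERROR(ENOMEM);`. The added comparison also mixes the return of `bytestream2_get_bytes_left(&p)` with `size`, whose declaration is outside the hunk; if their signedness differs, a short comment or cast would make the intended conversion explicit. The body of ogm_header starts and ends outside the hunk, so any cleanup needed on the new early return cannot be confirmed from here.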