Mercurial > libavformat.hg

diff mov.c @ 3935:d30c8469093d libavformat

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
stop parsing if tag size is wrongly < 8 to avoid infinite loop
author bcoudurier
date Wed, 24 Sep 2008 18:55:00 +0000
parents 4ab8a237c386
children 8bdecea89071
line wrap: on
line diff
--- a/mov.c	Wed Sep 24 17:46:23 2008 +0000
+++ b/mov.c	Wed Sep 24 18:55:00 2008 +0000
@@ -1379,7 +1379,7 @@
         uint32_t tag      = get_le32(pb);
         uint64_t next     = url_ftell(pb) + tag_size - 8;
 
-        if (next > end) // stop if tag_size is wrong
+        if (tag_size < 8 || next > end) // stop if tag_size is wrong
             break;
 
         switch (tag) {