← Back to branch summary

~ubuntu-branches/ubuntu/precise/libav/precise-security

« back to all changes in this revision

Viewing changes to libavformat/wtv.c

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2014-02-06 12:10:23 UTC
  • mfrom: (1.2.19)
  • Revision ID: package-import@ubuntu.com-20140206121023-x6thvrbmapp5uyqe
Tags: 4:0.8.10-0ubuntu0.12.04.1
https://launchpad.net/bugs/1277173
Update to 0.8.10 to fix multiple security issues (LP: #1277173)

Show diffs side-by-side

added added

removed removed

Lines of Context:
libavformat/wtv.c
273
273
        dir_length  = AV_RL16(buf + 16);
274
274
        file_length = AV_RL64(buf + 24);
275
275
        name_size   = 2 * AV_RL32(buf + 32);
276
 
        if (buf + 48 + name_size > buf_end) {
 
276
        if (name_size < 0) {
 
277
            av_log(s, AV_LOG_ERROR,
 
278
                   "bad filename length, remaining directory entries ignored\n");
 
279
            break;
 
280
        }
 
281
        if (48 + name_size > buf_end - buf) {
277
282
            av_log(s, AV_LOG_ERROR, "filename exceeds buffer size; remaining directory entries ignored\n");
278
283
            break;
279
284
        }