[vlc-commits] SMF: avoid a DOS if the SMF header is invalid

Ludovic Fauvet git at videolan.org
Mon Apr 2 17:25:47 CEST 2012


vlc | branch: master | Ludovic Fauvet <etix at videolan.org> | Mon Apr  2 17:19:14 2012 +0200| [e6003756a15b832cd63a8d007b1142f838aaea75] | committer: Jean-Baptiste Kempf

SMF: avoid a DOS if the SMF header is invalid

Reported by Marcin 'Icewall' Noga from Hispasec

Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=e6003756a15b832cd63a8d007b1142f838aaea75
---

 modules/demux/smf.c |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/modules/demux/smf.c b/modules/demux/smf.c
index b688b5f..0c3820c 100644
--- a/modules/demux/smf.c
+++ b/modules/demux/smf.c
@@ -209,7 +209,13 @@ static int Open (vlc_object_t * p_this)
 
         for (;;)
         {
-            stream_Read (stream, head, 8);
+            if (stream_Read (stream, head, 8) < 8)
+            {
+                /* FIXME: don't give up if we have at least one valid track */
+                msg_Err (p_this, "incomplete SMF chunk, file is corrupted");
+                goto error;
+            }
+
             if (memcmp (head, "MTrk", 4) == 0)
                 break;
 



More information about the vlc-commits mailing list