avformat/redspark: check coef_off

Fixes out of array reads Found-by: Laurent Butti <laurentb@gmail.com> Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2013-08-23 19:12:54 +0200
committer: Michael Niedermayer <michaelni@gmx.at> 2013-08-23 20:05:35 +0200
commit: aadfadd784bb1b50f0fd7444a06b2895c7fe87a3 (patch)
tree: b22f37e6036d004b7fb3a50aeef16f37ccc92e71 /libavformat/redspark.c
parent: 9e477a37703318cb86d8ed1d426929235aa02b67 (diff)
download: ffmpeg-aadfadd784bb1b50f0fd7444a06b2895c7fe87a3.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/libavformat/redspark.c b/libavformat/redspark.c
index 44d5da77fb..3963261b9a 100644
--- a/libavformat/redspark.c
+++ b/libavformat/redspark.c
@@ -108,6 +108,11 @@ static int redspark_read_header(AVFormatContext *s)
     if (bytestream2_get_byteu(&gbc)) // Loop flag
         coef_off += 16;
 
+    if (coef_off + codec->channels * (32 + 14) > HEADER_SIZE) {
+        ret = AVERROR_INVALIDDATA;
+        goto fail;
+    }
+
     codec->extradata_size = 32 * codec->channels;
     codec->extradata = av_malloc(codec->extradata_size);
     if (!codec->extradata) {
author	Michael Niedermayer <michaelni@gmx.at>	2013-08-23 19:12:54 +0200
committer	Michael Niedermayer <michaelni@gmx.at>	2013-08-23 20:05:35 +0200
commit	aadfadd784bb1b50f0fd7444a06b2895c7fe87a3 (patch)
tree	b22f37e6036d004b7fb3a50aeef16f37ccc92e71 /libavformat/redspark.c
parent	9e477a37703318cb86d8ed1d426929235aa02b67 (diff)
download	ffmpeg-aadfadd784bb1b50f0fd7444a06b2895c7fe87a3.tar.gz