diff options
| author | Steven Liu <lq@chinaffmpeg.org> | 2017-09-07 03:30:14 +0300 |
|---|---|---|
| committer | Steven Liu <lq@chinaffmpeg.org> | 2017-09-07 03:30:14 +0300 |
| commit | ef7fe81b8554a2865d47a55edf47420878fa3d91 (patch) | |
| tree | 107f30f2d4fe1475647e35fd8156154b9afc669c /libavformat | |
| parent | 25b5096400b2fd578e059eb4a5d2aba8f3cfddfb (diff) | |
flvdec: Check the avio_seek return value after reading a metadata packet
merge from libav: 585dc1aecef0371ad6f16cb3750ae2a6da9cf00a
If the metadata packet is corrupted, flv_read_metabody can accidentally
read past the start of the next packet. If the start of the next packet
had been flushed out of the IO buffer, we would be unable to seek to
the right position (on a nonseekable stream).
Prefer to clearly error out instead of silently trying to read from a
desynced stream which will only be interpreted as garbage.
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
Diffstat (limited to 'libavformat')
| -rw-r--r-- | libavformat/flvdec.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index 2e70352c53..2d89bef15f 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -1015,7 +1015,13 @@ retry: "Skipping flv packet: type %d, size %d, flags %d.\n", type, size, flags); skip: - avio_seek(s->pb, next, SEEK_SET); + if (avio_seek(s->pb, next, SEEK_SET) != next) { + // This can happen if flv_read_metabody above read past + // next, on a non-seekable input, and the preceding data has + // been flushed out from the IO buffer. + av_log(s, AV_LOG_ERROR, "Unable to seek to the next packet\n"); + return AVERROR_INVALIDDATA; + } ret = FFERROR_REDO; goto leave; } |