From 5dd76bd741022ee87c8a1945e4ef0d97467f70e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Wed, 30 Sep 2009 13:35:13 +0000 Subject: [PATCH] Return an error when the parsed mpc chunk size is negative, otherwise we might end up in an endless loop where the same chunk is parsed over and over. Fixes a hang near the end for http://samples.mplayerhq.hu/A-codecs/musepack/sv8/sv8-tags.mpc Originally committed as revision 20099 to svn://svn.ffmpeg.org/ffmpeg/trunk --- libavformat/mpc8.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/mpc8.c b/libavformat/mpc8.c index 51817f1439..85cbb41f83 100644 --- a/libavformat/mpc8.c +++ b/libavformat/mpc8.c @@ -250,6 +250,8 @@ static int mpc8_read_packet(AVFormatContext *s, AVPacket *pkt) while(!url_feof(s->pb)){ pos = url_ftell(s->pb); mpc8_get_chunk_header(s->pb, &tag, &size); + if (size < 0) + return -1; if(tag == TAG_AUDIOPACKET){ if(av_get_packet(s->pb, pkt, size) < 0) return AVERROR(ENOMEM);