ref: 261e90c554eb95fa25079f08d4f1ae3691efdc87
parent: 8600912ac8ed58ff54406aaa8cb41856dc54ee69
author: Sigrid Solveig Haflínudóttir <[email protected]>
date: Mon Mar 4 14:23:36 EST 2024
m4a: make sure to not seek in an infinite loop with broken files
--- a/m4a.c
+++ b/m4a.c
@@ -19,7 +19,7 @@
sz = beuint(d) - 4; /* already have 8 bytes */
for(;;){
- if(ctx->seek(ctx, sz, 1) < 0)
+ if(sz < 0 || ctx->seek(ctx, sz, 1) < 0)
return -1;
if(ctx->read(ctx, d, 4) != 4) /* size */
break;
@@ -58,6 +58,8 @@
return -1;
sz -= 8;
skip = beuint(d) - 8;
+ if(skip < 0)
+ return -1;
if(memcmp(&d[4], "mp4a", 4) == 0){ /* audio */
n = 6+2 + 2+4+2 + 2+2 + 2+2 + 4; /* read a bunch at once */