From 9f449d57c7d6e0b54335eaddad69ec773c31a037 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= <Reimar.Doeffinger@gmx.de>
Date: Mon, 14 Sep 2009 20:01:32 +0000
Subject: [PATCH] Check the index validity more thoroughly for the c93 probe
 function. In particular, check that length of the first index entries is not
 0 since that is interpreted "end of file" and makes no sense in the very
 first entries.

Originally committed as revision 19843 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavformat/c93.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/libavformat/c93.c b/libavformat/c93.c
index 11a0314c74d..e829e395cc8 100644
--- a/libavformat/c93.c
+++ b/libavformat/c93.c
@@ -21,6 +21,7 @@
 
 #include "avformat.h"
 #include "voc.h"
+#include "libavutil/intreadwrite.h"
 
 typedef struct {
     uint16_t index;
@@ -43,13 +44,16 @@ typedef struct {
 
 static int probe(AVProbeData *p)
 {
-    if (p->buf[0] == 0x01 && p->buf[1] == 0x00 &&
-        p->buf[4] == 0x01 + p->buf[2] &&
-        p->buf[8] == p->buf[4] + p->buf[6] &&
-        p->buf[12] == p->buf[8] + p->buf[10])
-        return AVPROBE_SCORE_MAX;
-
-    return 0;
+    int i;
+    int index = 1;
+    if (p->buf_size < 16)
+        return 0;
+    for (i = 0; i < 16; i += 4) {
+        if (AV_RL16(p->buf + i) != index || !p->buf[i + 2] || !p->buf[i + 3])
+            return 0;
+        index += p->buf[i + 2];
+    }
+    return AVPROBE_SCORE_MAX;
 }
 
 static int read_header(AVFormatContext *s,
-- 
GitLab