From b26742cc308552f242ee2bf93b07a3ff509f4edc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Storsj=C3=B6?= <martin@martin.st>
Date: Wed, 11 Sep 2013 22:19:28 +0300
Subject: [PATCH] shorten: Break out of loop looking for fmt chunk if none is
 found
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
---
 libavcodec/shorten.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
index 130bde63037..c394c52a265 100644
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -221,6 +221,10 @@ static int decode_wave_header(AVCodecContext *avctx, const uint8_t *header,
     while (bytestream2_get_le32(&gb) != MKTAG('f', 'm', 't', ' ')) {
         len = bytestream2_get_le32(&gb);
         bytestream2_skip(&gb, len);
+        if (bytestream2_get_bytes_left(&gb) < 16) {
+            av_log(avctx, AV_LOG_ERROR, "no fmt chunk found\n");
+            return AVERROR_INVALIDDATA;
+        }
     }
     len = bytestream2_get_le32(&gb);
 
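Review bot: The added bounds check runs only after `bytestream2_skip(&gb, len)`, with `len` taken straight from the file, so the loop's safety rests on the skip being clamped to the end of the buffer rather than on a validated chunk length. Checking the length before skipping would make that explicit, e.g. `if (len < 0 || bytestream2_get_bytes_left(&gb) < (int64_t)len + 8)` followed by the same error return; this assumes `len` is a signed int, which its declaration outside the hunk would confirm. The constant 16 is also unexplained, and a comment such as `/* need room for the next chunk header and a minimal fmt chunk */` would help, if that is indeed the intent. decode_wave_header starts and ends outside the hunk.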
-- 
GitLab