avcodec/utils: add some saftey checks to add_metadata_from_side_data()

This fixes potential overreads with crafted files. Found-by: wm4 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2024-09-12 02:14:56 +02:00 · 2013-10-19 17:52:47 +02:00 · 2013-10-19 17:52:47 +02:00 · 838f461b07
commit 838f461b07
parent 240fd8c96f
1 changed files with 8 additions and 1 deletions
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@ -1952,10 +1952,17 @@ static int add_metadata_from_side_data(AVCodecContext *avctx, AVFrame *frame)
    if (!side_metadata)
        goto end;
    end = side_metadata + size;
+    if (size && end[-1])
+        return AVERROR_INVALIDDATA;
    while (side_metadata < end) {
        const uint8_t *key = side_metadata;
        const uint8_t *val = side_metadata + strlen(key) + 1;
-        int ret = av_dict_set(avpriv_frame_get_metadatap(frame), key, val, 0);
+        int ret;
+
+        if (val >= end)
+            return AVERROR_INVALIDDATA;
+
+        ret = av_dict_set(avpriv_frame_get_metadatap(frame), key, val, 0);
        if (ret < 0)
            break;
        side_metadata = val + strlen(val) + 1;