avidemux: Stop reading a ncdt sub-tag if it goes behind the surrounding tag

https://bugzilla.gnome.org/show_bug.cgi?id=777532

diff --git a/gst/avi/gstavidemux.c b/gst/avi/gstavidemux.c
index d7afd1e..3e21dbd 100644 (file)
--- a/gst/avi/gstavidemux.c
+++ b/gst/avi/gstavidemux.c
@@ -3914,6 +3914,9 @@ gst_avi_demux_parse_ncdt (GstAviDemux * avi, GstBuffer * buf,
           ptr += 4;
           left -= 4;
 
+          if (sub_size > tsize)
+            break;
+
           GST_DEBUG_OBJECT (avi, "sub-tag %u, size %u", sub_tag, sub_size);
           /* http://www.sno.phy.queensu.ca/~phil/exiftool/TagNames/Nikon.html#NCTG
            * for some reason the sub_tag has a +2 offset