projects / platform / core / multimedia / libmm-fileinfo.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8c03a81)
Fix heap buffer overflow 12/255012/3 accepted/tizen/6.5/unified/20211028.115620 accepted/tizen/unified/20210316.151432 submit/tizen/20210312.013632 submit/tizen_6.5/20211028.162401 tizen_6.5.m2_release
authorMinje Ahn <minje.ahn@samsung.com>
Thu, 11 Mar 2021 08:21:30 +0000 (17:21 +0900)
committerMinje Ahn <minje.ahn@samsung.com>
Thu, 11 Mar 2021 09:08:23 +0000 (18:08 +0900)
Change-Id: I3fb0f4762c979a54f2d990f3696c4f66f2383383
Signed-off-by: Minje Ahn <minje.ahn@samsung.com>
formats/ffmpeg/mm_file_format_midi.c patch | blob | history

diff --git a/formats/ffmpeg/mm_file_format_midi.c b/formats/ffmpeg/mm_file_format_midi.c
index 06e9e55..e9a170a 100755 (executable)
--- a/formats/ffmpeg/mm_file_format_midi.c
+++ b/formats/ffmpeg/mm_file_format_midi.c
@@ -787,13 +787,13 @@ static void __AvGetMidiDuration(char *szFileName, MIDI_INFO_SIMPLE *info)
        }
 
        /*check format*/
-       if (!(memcmp(pbFile, MMFILE_XMF_100, 8)) ||
+       if (dFileSize >= 8 && (!(memcmp(pbFile, MMFILE_XMF_100, 8)) ||
                !(memcmp(pbFile, MMFILE_XMF_101, 8)) ||
-               !(memcmp(pbFile, MMFILE_MXMF_200, 8))) {
+               !(memcmp(pbFile, MMFILE_MXMF_200, 8)))) {
 
                is_xmf = 1;
                codecType = AV_DEC_AUDIO_XMF;
-       } else if (!(memcmp(pbFile, MMFILE_RMF, 4))) {
+       } else if (dFileSize >= 4 && !(memcmp(pbFile, MMFILE_RMF, 4))) {
                is_xmf = 0;
                codecType = AV_DEC_AUDIO_RMF;
        } else {
Domain: Multimedia / Media Content;