oma: correctly mark and decrypt partial packets

Incomplete crypted files would lead to a read after buffer boundary otherwise. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org

oma: correctly mark and decrypt partial packets
Incomplete crypted files would lead to a read after buffer boundary otherwise. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org
2219e27b · Luca Barbato · 9d0b45ad · 2219e27b
隐藏空白更改
内联并排

Showing with 8 addition and 2 deletion

libavformat/omadec.c libavformat/omadec.c +8 -2

未找到文件。
--- a/libavformat/omadec.c
+++ b/libavformat/omadec.c
@@ -405,6 +405,9 @@ static int oma_read_packet(AVFormatContext *s, AVPacket *pkt)
    int packet_size = s->streams[0]->codec->block_align;
    int ret = av_get_packet(s->pb, pkt, packet_size);

+    if (ret < packet_size)
+        pkt->flags |= AV_PKT_FLAG_CORRUPT;
+
    if (ret < 0)
        return ret;
    if (!ret)
@@ -415,8 +418,11 @@ static int oma_read_packet(AVFormatContext *s, AVPacket *pkt)
    if (oc->encrypted) {
        /* previous unencrypted block saved in IV for
         * the next packet (CBC mode) */
-        av_des_crypt(&oc->av_des, pkt->data, pkt->data,
-                     (packet_size >> 3), oc->iv, 1);
+        if (ret == packet_size)
+            av_des_crypt(&oc->av_des, pkt->data, pkt->data,
+                         (packet_size >> 3), oc->iv, 1);
+        else
+            memset(oc->iv, 0, 8);
    }

    return ret;