Changeset View
Changeset View
Standalone View
Standalone View
head/multimedia/mythtv/files/patch-CVE-2017-05025
Property | Old Value | New Value |
---|---|---|
fbsd:nokeywords | null | yes \ No newline at end of property |
svn:eol-style | null | native \ No newline at end of property |
svn:mime-type | null | text/plain \ No newline at end of property |
From cf8e004a51b08c6e8ceaeebca85ab84c7ed0b4cf Mon Sep 17 00:00:00 2001 | |||||
From: Matt Wolenetz <wolenetz@google.com> | |||||
Date: Wed, 14 Dec 2016 15:24:42 -0800 | |||||
Subject: [PATCH] lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr | |||||
Core of patch is from paul@paulmehta.com | |||||
Reference https://crbug.com/643950 | |||||
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | |||||
Check value reduced as the code does not support larger lengths | |||||
(cherry picked from commit fd30e4d57fe5841385f845440688505b88c0f4a9) | |||||
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | |||||
--- | |||||
libavformat/mov.c | 2 ++ | |||||
1 file changed, 2 insertions(+) | |||||
diff --git libavformat/mov.c libavformat/mov.c | |||||
index 1e2141808da..17d0475aae1 100644 | |||||
--- external/FFmpeg/libavformat/mov.c | |||||
+++ external/FFmpeg/libavformat/mov.c | |||||
@@ -739,6 +739,8 @@ static int mov_read_hdlr(MOVContext *c, AVIOContext *pb, MOVAtom atom) | |||||
title_size = atom.size - 24; | |||||
if (title_size > 0) { | |||||
+ if (title_size > FFMIN(INT_MAX, SIZE_MAX-1)) | |||||
+ return AVERROR_INVALIDDATA; | |||||
title_str = av_malloc(title_size + 1); /* Add null terminator */ | |||||
if (!title_str) | |||||
return AVERROR(ENOMEM); |