Changeset View
Changeset View
Standalone View
Standalone View
head/multimedia/mythtv/files/patch-CVE-2017-14057
Property | Old Value | New Value |
---|---|---|
fbsd:nokeywords | null | yes \ No newline at end of property |
svn:eol-style | null | native \ No newline at end of property |
svn:mime-type | null | text/plain \ No newline at end of property |
From f94517934bf0ff2510f472fa2bc4cd362951109c Mon Sep 17 00:00:00 2001 | |||||
From: =?UTF-8?q?=E5=AD=99=E6=B5=A9=20and=20=E5=BC=A0=E6=B4=AA=E4=BA=AE=28?= | |||||
=?UTF-8?q?=E6=9C=9B=E5=88=9D=29?= <tony.sh and wangchu.zhl@alibaba-inc.com> | |||||
Date: Fri, 25 Aug 2017 12:37:25 +0200 | |||||
Subject: [PATCH] avformat/asfdec: Fix DoS due to lack of eof check | |||||
Fixes: loop.asf | |||||
Found-by: Xiaohei and Wangchu from Alibaba Security Team | |||||
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | |||||
(cherry picked from commit 7f9ec5593e04827249e7aeb466da06a98a0d7329) | |||||
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | |||||
--- | |||||
libavformat/asfdec_f.c | 6 ++++-- | |||||
1 file changed, 4 insertions(+), 2 deletions(-) | |||||
diff --git libavformat/asfdec_f.c libavformat/asfdec_f.c | |||||
index b973eff96e4..2cacafe50d5 100644 | |||||
--- external/FFmpeg/libavformat/asfdec_f.c | |||||
+++ external/FFmpeg/libavformat/asfdec_f.c | |||||
@@ -749,13 +749,15 @@ static int asf_read_marker(AVFormatContext *s, int64_t size) | |||||
count = avio_rl32(pb); // markers count | |||||
avio_rl16(pb); // reserved 2 bytes | |||||
name_len = avio_rl16(pb); // name length | |||||
- for (i = 0; i < name_len; i++) | |||||
- avio_r8(pb); // skip the name | |||||
+ avio_skip(pb, name_len); | |||||
for (i = 0; i < count; i++) { | |||||
int64_t pres_time; | |||||
int name_len; | |||||
+ if (avio_feof(pb)) | |||||
+ return AVERROR_INVALIDDATA; | |||||
+ | |||||
avio_rl64(pb); // offset, 8 bytes | |||||
pres_time = avio_rl64(pb); // presentation time | |||||
pres_time -= asf->hdr.preroll * 10000; |