head/multimedia/mythtv/files/patch-CVE-2017-14171
Property | Old Value | New Value |
---|---|---|
fbsd:nokeywords | null | yes \ No newline at end of property |
svn:eol-style | null | native \ No newline at end of property |
svn:mime-type | null | text/plain \ No newline at end of property |
From a051de092e9c709b69d24d94b66a382909be67d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=AD=99=E6=B5=A9=28=E6=99=93=E9=BB=91=29?=
 <tony.sh@alibaba-inc.com>
Date: Tue, 29 Aug 2017 23:59:21 +0200
Subject: [PATCH] avformat/nsvdec: Fix DoS due to lack of eof check in
 nsvs_file_offset loop.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes: 20170829.nsv
Co-Author: 张洪亮(望初)" <wangchu.zhl@alibaba-inc.com>
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c24bcb553650b91e9eff15ef6e54ca73de2453b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
--- | |||||
libavformat/nsvdec.c | 5 ++++- | |||||
1 file changed, 4 insertions(+), 1 deletion(-) | |||||
diff --git libavformat/nsvdec.c libavformat/nsvdec.c | |||||
index 507fb396a51..16d2fa59e21 100644 | |||||
--- external/FFmpeg/libavformat/nsvdec.c | |||||
+++ external/FFmpeg/libavformat/nsvdec.c | |||||
@@ -350,8 +350,11 @@ static int nsv_parse_NSVf_header(AVFormatContext *s) | |||||
if (!nsv->nsvs_file_offset) | |||||
return AVERROR(ENOMEM); | |||||
- for(i=0;i<table_entries_used;i++) | |||||
+ for(i=0;i<table_entries_used;i++) { | |||||
+ if (avio_feof(pb)) | |||||
+ return AVERROR_INVALIDDATA; | |||||
nsv->nsvs_file_offset[i] = avio_rl32(pb) + size; | |||||
+ } | |||||
if(table_entries > table_entries_used && | |||||
avio_rl32(pb) == MKTAG('T','O','C','2')) { |
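Review bot: The new early return inside the loop (`if (avio_feof(pb)) return AVERROR_INVALIDDATA;`) runs after `nsv->nsvs_file_offset` has already passed its NULL check, so this adds an error exit that leaves that buffer attached to the context. Please confirm the caller's failure path frees it, or free it and clear the pointer before returning. The EOF test also only stops the loop once the input has run out: `table_entries_used` is still accepted as-is before this point, so rejecting a count that cannot fit in the remaining input would fail a truncated file earlier. The `TOC2` branch visible in the trailing context reads from the same `pb`; if the code that follows it loops over `table_entries_used` as well, it should get the same `avio_feof(pb)` check.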