Changeset View
Changeset View
Standalone View
Standalone View
head/multimedia/mythtv/files/patch-CVE-2017-14222
Property | Old Value | New Value |
---|---|---|
fbsd:nokeywords | null | yes \ No newline at end of property |
svn:eol-style | null | native \ No newline at end of property |
svn:mime-type | null | text/plain \ No newline at end of property |
From c9527df274ada02a19c2f973b29d1d5b7069d4bf Mon Sep 17 00:00:00 2001 | |||||
From: Michael Niedermayer <michael@niedermayer.cc> | |||||
Date: Tue, 5 Sep 2017 00:16:29 +0200 | |||||
Subject: [PATCH] avformat/mov: Fix DoS in read_tfra() | |||||
Fixes: Missing EOF check in loop | |||||
No testcase | |||||
Found-by: Xiaohei and Wangchu from Alibaba Security Team | |||||
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | |||||
(cherry picked from commit 9cb4eb772839c5e1de2855d126bf74ff16d13382) | |||||
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | |||||
--- | |||||
libavformat/mov.c | 7 +++++++ | |||||
1 file changed, 7 insertions(+) | |||||
diff --git libavformat/mov.c libavformat/mov.c | |||||
index 405476fd712..b97aa001a37 100644 | |||||
--- external/FFmpeg/libavformat/mov.c | |||||
+++ external/FFmpeg/libavformat/mov.c | |||||
@@ -5394,6 +5394,13 @@ static int read_tfra(MOVContext *mov, AVIOContext *f) | |||||
} | |||||
for (i = 0; i < index->item_count; i++) { | |||||
int64_t time, offset; | |||||
+ | |||||
+ if (avio_feof(f)) { | |||||
+ index->item_count = 0; | |||||
+ av_freep(&index->items); | |||||
+ return AVERROR_INVALIDDATA; | |||||
+ } | |||||
+ | |||||
if (version == 1) { | |||||
time = avio_rb64(f); | |||||
offset = avio_rb64(f); |