[FFmpeg-cvslog] avformat/ftp: Fix Out-of-Bounds Access and Information Leak in ftp.c:393

Wenxiang Qian git at videolan.org
Thu Mar 28 18:34:14 EET 2019


ffmpeg | branch: release/3.4 | Wenxiang Qian <leonwxqian at qq.com> | Wed Feb 13 08:47:20 2019 +0100| [e62abf9398633c6341e34e8f2eab781dd5bf040f] | committer: Michael Niedermayer

avformat/ftp: Fix Out-of-Bounds Access and Information Leak in ftp.c:393

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a142ffdcaec06fcbf7d4b00dbb0e5ddfb9e3344d)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e62abf9398633c6341e34e8f2eab781dd5bf040f
---

 libavformat/ftp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/ftp.c b/libavformat/ftp.c
index 9aa7a45629..7b3c8600e4 100644
--- a/libavformat/ftp.c
+++ b/libavformat/ftp.c
@@ -389,7 +389,7 @@ static int ftp_file_size(FTPContext *s)
     static const int size_codes[] = {213, 0};
 
     snprintf(command, sizeof(command), "SIZE %s\r\n", s->path);
-    if (ftp_send_command(s, command, size_codes, &res) == 213 && res) {
+    if (ftp_send_command(s, command, size_codes, &res) == 213 && res && strlen(res) > 4) {
         s->filesize = strtoll(&res[4], NULL, 10);
     } else {
         s->filesize = -1;



More information about the ffmpeg-cvslog mailing list