[FFmpeg-devel] [PATCH 1/6] avformat/cinedec: Fix DoS due to lack of eof check
Michael Niedermayer
michael at niedermayer.cc
Fri Aug 25 02:15:27 EEST 2017
From: 孙浩 and 张洪亮(望初) <tony.sh and wangchu.zhl at alibaba-inc.com>
Fixes: loop.cine
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavformat/cinedec.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libavformat/cinedec.c b/libavformat/cinedec.c
index 763b93ba2e..de34fb9638 100644
--- a/libavformat/cinedec.c
+++ b/libavformat/cinedec.c
@@ -267,8 +267,12 @@ static int cine_read_header(AVFormatContext *avctx)
/* parse image offsets */
avio_seek(pb, offImageOffsets, SEEK_SET);
- for (i = 0; i < st->duration; i++)
+ for (i = 0; i < st->duration; i++) {
+ if (avio_feof(pb))
+ return AVERROR_INVALIDDATA;
+
av_add_index_entry(st, avio_rl64(pb), i, 0, 0, AVINDEX_KEYFRAME);
+ }
return 0;
}
--
2.14.1
More information about the ffmpeg-devel
mailing list