diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2017-08-25 02:15:30 +0300 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2017-09-17 16:57:27 +0300 |
commit | 28c08ab9434b839f19e8c12668bacd6361beba80 (patch) | |
tree | 7659ac56f6e482387db4fbca114392af5db18e41 | |
parent | 953c6259d601bcda1d5045339913af1978be41fe (diff) |
avformat/mvdec: Fix DoS due to lack of eof check
Fixes: loop.mv
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f05e2e2dc1a89f38cd9f0960a6561083d714f1e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r-- | libavformat/mvdec.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/libavformat/mvdec.c b/libavformat/mvdec.c index 80ef4b1569..e9e9fab503 100644 --- a/libavformat/mvdec.c +++ b/libavformat/mvdec.c @@ -338,6 +338,8 @@ static int mv_read_header(AVFormatContext *avctx) uint32_t pos = avio_rb32(pb); uint32_t asize = avio_rb32(pb); uint32_t vsize = avio_rb32(pb); + if (avio_feof(pb)) + return AVERROR_INVALIDDATA; avio_skip(pb, 8); av_add_index_entry(ast, pos, timestamp, asize, 0, AVINDEX_KEYFRAME); av_add_index_entry(vst, pos + asize, i, vsize, 0, AVINDEX_KEYFRAME); |