[FFmpeg-devel] [PATCH] avformat/asfdec: Fix DoS due to lack of eof check
Michael Niedermayer
michael at niedermayer.cc
Fri Aug 25 13:37:25 EEST 2017
From: "wangchu.zhl at alibaba-inc.com" <wangchu.zhl at alibaba-inc.com>
Fixes: loop.asf
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavformat/asfdec_f.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c
index be09a92bd1..f3acbae280 100644
--- a/libavformat/asfdec_f.c
+++ b/libavformat/asfdec_f.c
@@ -749,13 +749,15 @@ static int asf_read_marker(AVFormatContext *s, int64_t size)
count = avio_rl32(pb); // markers count
avio_rl16(pb); // reserved 2 bytes
name_len = avio_rl16(pb); // name length
- for (i = 0; i < name_len; i++)
- avio_r8(pb); // skip the name
+ avio_skip(pb, name_len);
for (i = 0; i < count; i++) {
int64_t pres_time;
int name_len;
+ if (avio_feof(pb))
+ return AVERROR_INVALIDDATA;
+
avio_rl64(pb); // offset, 8 bytes
pres_time = avio_rl64(pb); // presentation time
pres_time -= asf->hdr.preroll * 10000;
--
2.14.1
More information about the ffmpeg-devel
mailing list