[FFmpeg-devel] [PATCH 1/6] avformat/mms: Add missing chunksize check
Michael Niedermayer
michael at niedermayer.cc
Wed Jul 4 00:05:25 EEST 2018
Fixes: out of array read
Fixes: mms-crash-01b6c5d85f9d9f40f4e879896103e9f5b222816a
Found-by: Paul Ch <paulcher at icloud.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavformat/mms.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/libavformat/mms.c b/libavformat/mms.c
index 17fa76a8d4..036046dc37 100644
--- a/libavformat/mms.c
+++ b/libavformat/mms.c
@@ -143,6 +143,12 @@ int ff_mms_asf_header_parser(MMSContext *mms)
}
} else if (!memcmp(p, ff_asf_head1_guid, sizeof(ff_asf_guid))) {
chunksize = 46; // see references [2] section 3.4. This should be set 46.
+ if (chunksize > end - p) {
+ av_log(NULL, AV_LOG_ERROR,
+ "Corrupt stream (header chunksize %"PRId64" is invalid)\n",
+ chunksize);
+ return AVERROR_INVALIDDATA;
+ }
}
p += chunksize;
}
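Review bot: the error message in the added check under the ff_asf_head1_guid branch prints chunksize, but chunksize was assigned the constant 46 on the line just above, so the log will always read "header chunksize 46 is invalid" and will not show the actual problem, which is that fewer than 46 bytes remain between p and end. Consider printing the remaining length (end - p) alongside it, or wording the message as a truncated header. The av_log call also passes NULL as its context, so the message cannot be attributed to a particular stream; if a logging context is reachable from mms, pass that instead.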
--
2.18.0