Skip to content
Permalink
Browse files Browse the repository at this point in the history
avformat/movenc: Do not pass AVCodecParameters in avpriv_request_sample
Fixes: out of array read
Fixes: ffmpeg_crash_8.avi

Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  • Loading branch information
michaelni committed Jun 28, 2018
1 parent 00e8181 commit 95556e2
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion libavformat/movenc.c
Expand Up @@ -429,7 +429,7 @@ static int handle_eac3(MOVMuxContext *mov, AVPacket *pkt, MOVTrack *track)

if (hdr->substreamid == info->num_ind_sub + 1) {
//info->num_ind_sub++;
avpriv_request_sample(track->par, "Multiple independent substreams");
avpriv_request_sample(mov->fc, "Multiple independent substreams");
ret = AVERROR_PATCHWELCOME;
goto end;
} else if (hdr->substreamid < info->num_ind_sub ||
Expand Down

1 comment on commit 95556e2

@thuanpv
Copy link

@thuanpv thuanpv commented on 95556e2 Jul 6, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is CVE-2018-13300

Please sign in to comment.