avformat/mov: Fix DoS in read_tfra()
Fixes: Missing EOF check in loop
No testcase

Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
michaelni committed Sep 7, 2017
1 parent 913feb6 commit 9cb4eb7
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions libavformat/mov.c
Expand Up @@ -6094,6 +6094,13 @@ static int read_tfra(MOVContext *mov, AVIOContext *f)
}
for (i = 0; i < index->item_count; i++) {
int64_t time, offset;

if (avio_feof(f)) {
index->item_count = 0;
av_freep(&index->items);
return AVERROR_INVALIDDATA;
}

if (version == 1) {
time = avio_rb64(f);
offset = avio_rb64(f);
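Review bot: The avio_feof(f) test sits at the top of the loop body, ahead of the avio_rb64() reads, so an EOF reached while reading the last entry is not caught by anything visible in this hunk, and that entry would be filled from short reads. If a truncated final item should also be rejected, repeat the check after the reads or once after the loop. The error path resets index->item_count and frees index->items together, which keeps the two consistent for later users of the index. A one-line comment noting that the check bounds the loop when item_count claims more entries than the file contains would help future readers, and since the commit message says there is no testcase, a tfra sample with an oversized item_count and truncated data would make a useful regression test.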

2 comments on commit 9cb4eb7

@fgeek fgeek commented on 9cb4eb7 Sep 9, 2017


@shqking