Skip to content

Commit 9cb4eb7

Browse files
committed
avformat/mov: Fix DoS in read_tfra()
Fixes: Missing EOF check in loop No testcase Found-by: Xiaohei and Wangchu from Alibaba Security Team Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
1 parent 913feb6 commit 9cb4eb7

File tree

1 file changed

+7
-0
lines changed

1 file changed

+7
-0
lines changed

Diff for: libavformat/mov.c

+7
Original file line numberDiff line numberDiff line change
@@ -6094,6 +6094,13 @@ static int read_tfra(MOVContext *mov, AVIOContext *f)
60946094
}
60956095
for (i = 0; i < index->item_count; i++) {
60966096
int64_t time, offset;
6097+
6098+
if (avio_feof(f)) {
6099+
index->item_count = 0;
6100+
av_freep(&index->items);
6101+
return AVERROR_INVALIDDATA;
6102+
}
6103+
60976104
if (version == 1) {
60986105
time = avio_rb64(f);
60996106
offset = avio_rb64(f);

0 commit comments

Comments
 (0)