Skip to content
Permalink
Browse files

avformat/asfdec: Fix DoS in asf_build_simple_index()

Fixes: Missing EOF check in loop
No testcase

Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  • Loading branch information...
Michael Niedermayer
Michael Niedermayer committed Sep 4, 2017
1 parent 9cb4eb7 commit afc9c683ed9db01edb357bc8c19edad4282b3a97
Showing with 5 additions and 0 deletions.
  1. +5 −0 libavformat/asfdec_f.c
@@ -1610,6 +1610,11 @@ static int asf_build_simple_index(AVFormatContext *s, int stream_index)
int64_t pos = s->internal->data_offset + s->packet_size * (int64_t)pktnum;
int64_t index_pts = FFMAX(av_rescale(itime, i, 10000) - asf->hdr.preroll, 0);

if (avio_feof(s->pb)) {
ret = AVERROR_INVALIDDATA;
goto end;
}

if (pos != last_pos) {
av_log(s, AV_LOG_DEBUG, "pktnum:%d, pktct:%d pts: %"PRId64"\n",
pktnum, pktct, index_pts);

2 comments on commit afc9c68

@fgeek

This comment has been minimized.

@shqking

This comment has been minimized.

Copy link

replied Sep 11, 2017

This is CVE-2017-14223.

Please sign in to comment.
You can’t perform that action at this time.