Skip to content

Commit

Permalink
avformat/asfdec: Fix DoS in asf_build_simple_index()
Browse files Browse the repository at this point in the history 
Fixes: Missing EOF check in loop
No testcase

Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  • Loading branch information
@michaelni
michaelni committed Sep 7, 2017
1 parent 9cb4eb7 commit afc9c68
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions libavformat/asfdec_f.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1610,6 +1610,11 @@ static int asf_build_simple_index(AVFormatContext *s, int stream_index)
int64_t pos = s->internal->data_offset + s->packet_size * (int64_t)pktnum;
int64_t index_pts = FFMAX(av_rescale(itime, i, 10000) - asf->hdr.preroll, 0);

if (avio_feof(s->pb)) {
ret = AVERROR_INVALIDDATA;
goto end;
}

if (pos != last_pos) {
av_log(s, AV_LOG_DEBUG, "pktnum:%d, pktct:%d pts: %"PRId64"\n",
pktnum, pktct, index_pts);
Expand Down

2 comments on commit afc9c68

@fgeek
Copy link

@fgeek fgeek commented on afc9c68 Sep 9, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://nvd.nist.gov/vuln/detail/CVE-2017-14223

@shqking
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is CVE-2017-14223.

Please sign in to comment.