Skip to content

Commit c24bcb5

Browse files
孙浩(晓黑)michaelni
孙浩(晓黑)
authored andcommitted
avformat/nsvdec: Fix DoS due to lack of eof check in nsvs_file_offset loop.
Fixes: 20170829.nsv Co-Author: 张洪亮(望初)" <wangchu.zhl@alibaba-inc.com> Found-by: Xiaohei and Wangchu from Alibaba Security Team Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
1 parent 73bed07 commit c24bcb5

File tree

1 file changed

+4
-1
lines changed

1 file changed

+4
-1
lines changed

Diff for: libavformat/nsvdec.c

+4-1
Original file line numberDiff line numberDiff line change
@@ -335,8 +335,11 @@ static int nsv_parse_NSVf_header(AVFormatContext *s)
335335
if (!nsv->nsvs_file_offset)
336336
return AVERROR(ENOMEM);
337337

338-
for(i=0;i<table_entries_used;i++)
338+
for(i=0;i<table_entries_used;i++) {
339+
if (avio_feof(pb))
340+
return AVERROR_INVALIDDATA;
339341
nsv->nsvs_file_offset[i] = avio_rl32(pb) + size;
342+
}
340343

341344
if(table_entries > table_entries_used &&
342345
avio_rl32(pb) == MKTAG('T','O','C','2')) {

0 commit comments

Comments
 (0)