Skip to content
Permalink
Browse files Browse the repository at this point in the history
avformat/nsvdec: Fix DoS due to lack of eof check in nsvs_file_offset…
… loop.

Fixes: 20170829.nsv

Co-Author: 张洪亮(望初)" <wangchu.zhl@alibaba-inc.com>
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  • Loading branch information
孙浩(晓黑) authored and michaelni committed Aug 31, 2017
1 parent 73bed07 commit c24bcb5
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion libavformat/nsvdec.c
Expand Up @@ -335,8 +335,11 @@ static int nsv_parse_NSVf_header(AVFormatContext *s)
if (!nsv->nsvs_file_offset)
return AVERROR(ENOMEM);

for(i=0;i<table_entries_used;i++)
for(i=0;i<table_entries_used;i++) {
if (avio_feof(pb))
return AVERROR_INVALIDDATA;
nsv->nsvs_file_offset[i] = avio_rl32(pb) + size;
}

if(table_entries > table_entries_used &&
avio_rl32(pb) == MKTAG('T','O','C','2')) {
Expand Down

1 comment on commit c24bcb5

@shqking
Copy link

@shqking shqking commented on c24bcb5 Sep 7, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is CVE-2017-14171.

Please sign in to comment.