Skip to content
Permalink
Browse files Browse the repository at this point in the history
avformat/movenc: Check that frame_types other than EAC3_FRAME_TYPE_IN…
…DEPENDENT have a supported substream id

Fixes: out of array access
Fixes: ffmpeg_bof_1.avi

Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  • Loading branch information
michaelni committed Jun 28, 2018
1 parent 75a2db5 commit ed22dc2
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions libavformat/movenc.c
Expand Up @@ -437,6 +437,12 @@ static int handle_eac3(MOVMuxContext *mov, AVPacket *pkt, MOVTrack *track)
info->ec3_done = 1;
goto concatenate;
}
} else {
if (hdr->substreamid != 0) {
avpriv_request_sample(mov->fc, "Multiple non EAC3 independent substreams");
ret = AVERROR_PATCHWELCOME;
goto end;
}
}

/* fill the info needed for the "dec3" atom */
Expand Down

1 comment on commit ed22dc2

@thuanpv
Copy link

@thuanpv thuanpv commented on ed22dc2 Jul 6, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is CVE-2018-13302

Please sign in to comment.