aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2017-08-25 01:15:30 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2017-08-27 19:23:37 +0200
commit4f05e2e2dc1a89f38cd9f0960a6561083d714f1e (patch)
treeea95b753d99856d9426e54d1aa019b5624286c17
parent96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de (diff)
downloadffmpeg-4f05e2e2dc1a89f38cd9f0960a6561083d714f1e.tar.gz
avformat/mvdec: Fix DoS due to lack of eof check
Fixes: loop.mv Found-by: Xiaohei and Wangchu from Alibaba Security Team Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r--libavformat/mvdec.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/libavformat/mvdec.c b/libavformat/mvdec.c
index 0e12c8c6c1..f7aa4cbaec 100644
--- a/libavformat/mvdec.c
+++ b/libavformat/mvdec.c
@@ -342,6 +342,8 @@ static int mv_read_header(AVFormatContext *avctx)
uint32_t pos = avio_rb32(pb);
uint32_t asize = avio_rb32(pb);
uint32_t vsize = avio_rb32(pb);
+ if (avio_feof(pb))
+ return AVERROR_INVALIDDATA;
avio_skip(pb, 8);
av_add_index_entry(ast, pos, timestamp, asize, 0, AVINDEX_KEYFRAME);
av_add_index_entry(vst, pos + asize, i, vsize, 0, AVINDEX_KEYFRAME);