Diffstat (limited to 'multimedia/mythtv/files/patch-CVE-2017-14222')
-rw-r--r-- | multimedia/mythtv/files/patch-CVE-2017-14222 | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/multimedia/mythtv/files/patch-CVE-2017-14222 b/multimedia/mythtv/files/patch-CVE-2017-14222
new file mode 100644
index 000000000000..bc57775e06fb
--- /dev/null
+++ b/multimedia/mythtv/files/patch-CVE-2017-14222
@@ -0,0 +1,34 @@
+From c9527df274ada02a19c2f973b29d1d5b7069d4bf Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Tue, 5 Sep 2017 00:16:29 +0200
+Subject: [PATCH] avformat/mov: Fix DoS in read_tfra()
+
+Fixes: Missing EOF check in loop
+No testcase
+
+Found-by: Xiaohei and Wangchu from Alibaba Security Team
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+(cherry picked from commit 9cb4eb772839c5e1de2855d126bf74ff16d13382)
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+---
+ libavformat/mov.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git libavformat/mov.c libavformat/mov.c
+index 405476fd712..b97aa001a37 100644
+--- external/FFmpeg/libavformat/mov.c
++++ external/FFmpeg/libavformat/mov.c
+@@ -5394,6 +5394,13 @@ static int read_tfra(MOVContext *mov, AVIOContext *f)
+ }
+ for (i = 0; i < index->item_count; i++) {
+ int64_t time, offset;
++
++ if (avio_feof(f)) {
++ index->item_count = 0;
++ av_freep(&index->items);
++ return AVERROR_INVALIDDATA;
++ }
++
+ if (version == 1) {
+ time = avio_rb64(f);
+ offset = avio_rb64(f); |
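Review bot: The `avio_feof(f)` guard added at the top of the item loop in read_tfra() has no comment explaining why it is there or why it empties the index before returning, and neither is obvious from the code alone. A short comment above it would help the next reader, e.g. `/* truncated input: bail out instead of iterating the full item_count, and leave the index empty so no partially filled items are used */`. The test also runs only at the start of each iteration, so reads that reach EOF while parsing the final item are not caught by it; whether that matters depends on the rest of the loop body, which continues outside the hunk. Separately, the embedded patch keeps the upstream `diff --git libavformat/mov.c` header while its `---`/`+++` lines point at `external/FFmpeg/libavformat/mov.c`, so it is worth confirming that the patch applies cleanly from the port's work directory.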