diff options
Diffstat (limited to 'meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2017-14054.patch')
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2017-14054.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2017-14054.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2017-14054.patch new file mode 100644 index 0000000000..e8baa188a3 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2017-14054.patch @@ -0,0 +1,39 @@ +From 124eb202e70678539544f6268efc98131f19fa49 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=E5=AD=99=E6=B5=A9=20and=20=E5=BC=A0=E6=B4=AA=E4=BA=AE=28?= + =?UTF-8?q?=E6=9C=9B=E5=88=9D=29?= <tony.sh and wangchu.zhl@alibaba-inc.com> +Date: Fri, 25 Aug 2017 01:15:28 +0200 +Subject: [PATCH] avformat/rmdec: Fix DoS due to lack of eof check + +Fixes: loop.ivr + +Found-by: Xiaohei and Wangchu from Alibaba Security Team +Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> + +CVE: CVE-2017-14054 +Upstream-Status: Backport + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + libavformat/rmdec.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c +index 178eaea..d6d7d9c 100644 +--- a/libavformat/rmdec.c ++++ b/libavformat/rmdec.c +@@ -1223,8 +1223,11 @@ static int ivr_read_header(AVFormatContext *s) + av_log(s, AV_LOG_DEBUG, "%s = '%s'\n", key, val); + } else if (type == 4) { + av_log(s, AV_LOG_DEBUG, "%s = '0x", key); +- for (j = 0; j < len; j++) ++ for (j = 0; j < len; j++) { ++ if (avio_feof(pb)) ++ return AVERROR_INVALIDDATA; + av_log(s, AV_LOG_DEBUG, "%X", avio_r8(pb)); ++ } + av_log(s, AV_LOG_DEBUG, "'\n"); + } else if (len == 4 && type == 3 && !strncmp(key, "StreamCount", tlen)) { + nb_streams = value = avio_rb32(pb); +-- +2.1.0 + |