diff options
Diffstat (limited to 'meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2017-14171.patch')
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2017-14171.patch | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2017-14171.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2017-14171.patch deleted file mode 100644 index e2ae2040cf..0000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2017-14171.patch +++ /dev/null @@ -1,44 +0,0 @@ -From c24bcb553650b91e9eff15ef6e54ca73de2453b7 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=E5=AD=99=E6=B5=A9=28=E6=99=93=E9=BB=91=29?= - <tony.sh@alibaba-inc.com> -Date: Tue, 29 Aug 2017 23:59:21 +0200 -Subject: [PATCH] avformat/nsvdec: Fix DoS due to lack of eof check in - nsvs_file_offset loop. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Fixes: 20170829.nsv - -Co-Author: 张洪亮(望初)" <wangchu.zhl@alibaba-inc.com> -Found-by: Xiaohei and Wangchu from Alibaba Security Team -Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> - -CVE: CVE-2017-14171 -Upstream-Status: Backport - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> ---- - libavformat/nsvdec.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/libavformat/nsvdec.c b/libavformat/nsvdec.c -index c6ddb67..d8ce656 100644 ---- a/libavformat/nsvdec.c -+++ b/libavformat/nsvdec.c -@@ -335,8 +335,11 @@ static int nsv_parse_NSVf_header(AVFormatContext *s) - if (!nsv->nsvs_file_offset) - return AVERROR(ENOMEM); - -- for(i=0;i<table_entries_used;i++) -+ for(i=0;i<table_entries_used;i++) { -+ if (avio_feof(pb)) -+ return AVERROR_INVALIDDATA; - nsv->nsvs_file_offset[i] = avio_rl32(pb) + size; -+ } - - if(table_entries > table_entries_used && - avio_rl32(pb) == MKTAG('T','O','C','2')) { --- -2.1.0 - |