CVE-2017-14056

author Markus Koschany <apo@debian.org>

Sun, 30 Dec 2018 13:25:04 +0000 (14:25 +0100)

committer Mike Gabriel <sunweaver@debian.org>

Sat, 30 Mar 2019 20:44:13 +0000 (20:44 +0000)
author Markus Koschany <apo@debian.org>
Sun, 30 Dec 2018 13:25:04 +0000 (14:25 +0100)
committer Mike Gabriel <sunweaver@debian.org>
Sat, 30 Mar 2019 20:44:13 +0000 (20:44 +0000)
diff --git a/libavformat/rl2.c b/libavformat/rl2.c

index 5d30bf8bd6a022bd72ee74168bc7b6c8f81d173a..48c1ea686c2e80d2f01f9b76735f9480423c6b8b 100644 (file)
--- a/libavformat/rl2.c
+++ b/libavformat/rl2.c
@@ -175,12 +175,21 @@ static av_cold int rl2_read_header(AVFormatContext *s)
      }
  
      /** read offset and size tables */
-    for(i=0; i < frame_count;i++)
+    for(i=0; i < frame_count;i++) {
+        if (avio_feof(pb))
+            return AVERROR_INVALIDDATA;
          chunk_size[i] = avio_rl32(pb);
-    for(i=0; i < frame_count;i++)
+    }
+    for(i=0; i < frame_count;i++) {
+        if (avio_feof(pb))
+            return AVERROR_INVALIDDATA;
          chunk_offset[i] = avio_rl32(pb);
-    for(i=0; i < frame_count;i++)
+    }
+    for(i=0; i < frame_count;i++) {
+        if (avio_feof(pb))
+            return AVERROR_INVALIDDATA;
          audio_size[i] = avio_rl32(pb) & 0xFFFF;
+    }
  
      /** build the sample index */
      for(i=0;i<frame_count;i++){
author	Markus Koschany <apo@debian.org>
	Sun, 30 Dec 2018 13:25:04 +0000 (14:25 +0100)
committer	Mike Gabriel <sunweaver@debian.org>
	Sat, 30 Mar 2019 20:44:13 +0000 (20:44 +0000)