avformat/asfdec: Fix DoS in asf_build_simple_index()
author Michael Niedermayer <michael@niedermayer.cc>
Mon, 4 Sep 2017 22:16:29 +0000 (00:16 +0200)
committer Mike Gabriel <sunweaver@debian.org>
Sat, 30 Mar 2019 20:44:13 +0000 (20:44 +0000)
Fixes: Missing EOF check in loop
No testcase

Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
[sunweaver] - Backport to libav as found in Debian jessie LTS.

Gbp-Pq: Name CVE-2017-14223.patch

libavformat/asfdec.c

index 1ec36aaafcd704f1e80cf26bc6a52568ac3e94af..65cac31dc6744b86d7d85c0c1edeb5a87fdf184a 100644 (file)
@@ -1442,6 +1442,11 @@ static int asf_build_simple_index(AVFormatContext *s, int stream_index)
             int64_t pos       = s->data_offset + s->packet_size * (int64_t)pktnum;
             int64_t index_pts = FFMAX(av_rescale(itime, i, 10000) - asf->hdr.preroll, 0);
 
+            if (avio_feof(s->pb)) {
+                ret = AVERROR_INVALIDDATA;
+                goto end;
+            }
+
             if (pos != last_pos) {
                 av_log(s, AV_LOG_DEBUG, "pktnum:%d, pktct:%d  pts: %"PRId64"\n",
                        pktnum, pktct, index_pts);
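
Review bot: the added `avio_feof(s->pb)` check has no comment saying what it guards against; nothing in the hunk tells a later reader that it is what stops the index loop once the input has run out. A one-line comment above the `if`, such as `/* input ended before the index was fully read */`, would do. The check also sets `ret` and jumps to `end`, and neither is visible in this context, so for the backport it is worth confirming that both exist in the target tree's asf_build_simple_index() and that the `end` path actually returns `ret`. The commit message says "No testcase"; an input that reaches EOF inside this loop would make a cheap regression test for the new error path.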