CVE-2017-14057

author Markus Koschany <apo@debian.org>

Wed, 31 Jan 2018 13:48:32 +0000 (14:48 +0100)

committer Mike Gabriel <sunweaver@debian.org>

Sat, 31 Aug 2019 15:36:55 +0000 (16:36 +0100)
author Markus Koschany <apo@debian.org>
Wed, 31 Jan 2018 13:48:32 +0000 (14:48 +0100)
committer Mike Gabriel <sunweaver@debian.org>
Sat, 31 Aug 2019 15:36:55 +0000 (16:36 +0100)
diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c

index 85e800d5015ffcdd9379d4a3b4558f2faf7b3837..1ec36aaafcd704f1e80cf26bc6a52568ac3e94af 100644 (file)
--- a/libavformat/asfdec.c
+++ b/libavformat/asfdec.c
@@ -683,13 +683,15 @@ static int asf_read_marker(AVFormatContext *s, int64_t size)
      count = avio_rl32(pb);    // markers count
      avio_rl16(pb);            // reserved 2 bytes
      name_len = avio_rl16(pb); // name length
-    for (i = 0; i < name_len; i++)
-        avio_r8(pb); // skip the name
+    avio_skip(pb, name_len);
  
      for (i = 0; i < count; i++) {
          int64_t pres_time;
          int name_len;
  
+        if (avio_feof(pb))
+            return AVERROR_INVALIDDATA;
+
          avio_rl64(pb);             // offset, 8 bytes
          pres_time = avio_rl64(pb); // presentation time
          pres_time -= asf->hdr.preroll * 10000;
author	Markus Koschany <apo@debian.org>
	Wed, 31 Jan 2018 13:48:32 +0000 (14:48 +0100)
committer	Mike Gabriel <sunweaver@debian.org>
	Sat, 31 Aug 2019 15:36:55 +0000 (16:36 +0100)