From: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Date: Thu, 5 Dec 2019 16:27:00 +0000 (+0000)
Subject: CVE-2017-18245
X-Git-Tag: archive/raspbian/6%11.12-1_deb8u9+rpi1^2~1
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=04beba827433b29a067df728b5da5a59a6030e9f;p=libav.git

CVE-2017-18245

commit b737a2c52857b214be246ff615c6293730033cfa
Author: wm4 <nfxjfg@googlemail.com>
Date:   Tue Feb 3 19:04:11 2015 +0100

    avformat/mpc8: fix broken pointer math

    This could overflow and crash at least on 32 bit systems.

    Reviewed-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
    Signed-off-by: Michael Niedermayer <michaelni@gmx.at>


Gbp-Pq: Name CVE-2017-18245.patch
---

diff --git a/libavformat/mpc8.c b/libavformat/mpc8.c
index 4b12219..cbafbe4 100644
--- a/libavformat/mpc8.c
+++ b/libavformat/mpc8.c
@@ -91,7 +91,7 @@ static int mpc8_probe(AVProbeData *p)
         size = bs_get_v(&bs);
         if (size < 2)
             return 0;
-        if (bs + size - 2 >= bs_end)
+        if (size >= bs_end - bs + 2)
             return AVPROBE_SCORE_EXTENSION - 1; // seems to be valid MPC but no header yet
         if (header_found) {
             if (size < 11 || size > 28)