From: Markus Koschany <apo@debian.org>
Date: Sun, 30 Dec 2018 16:39:40 +0000 (+0100)
Subject: CVE-2017-14767
X-Git-Tag: archive/raspbian/6%11.12-1_deb8u6+rpi1^2~19
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=3763018de298f38aca523b50ca9d20498369b93c;p=libav.git

CVE-2017-14767

Origin: https://github.com/FFmpeg/FFmpeg/commit/c42a1388a6d1bfd8001bf6a4241d8ca27e49326d

Gbp-Pq: Name CVE-2017-14767.patch
---

diff --git a/libavformat/rtpdec_h264.c b/libavformat/rtpdec_h264.c
index abf1f39..72f645f 100644
--- a/libavformat/rtpdec_h264.c
+++ b/libavformat/rtpdec_h264.c
@@ -116,6 +116,11 @@ static int sdp_parse_fmtp_config_h264(AVFormatContext *s,
         codec->extradata_size = 0;
         av_freep(&codec->extradata);
 
+        if (*value == 0 || value[strlen(value) - 1] == ',') {
+             av_log(s, AV_LOG_WARNING, "Missing PPS in sprop-parameter-sets, ignoring\n");
+             return 0;
+         }
+
         while (*value) {
             char base64packet[1024];
             uint8_t decoded_packet[1024];