From: Michael Niedermayer Date: Sat, 28 Jul 2018 13:03:50 +0000 (+0200) Subject: avformat/flvenc: Check audio packet size X-Git-Tag: archive/raspbian/6%11.12-1_deb8u8+rpi1^2~8 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=4227a87f30f1aaadb4a8e36dc89616ef1d5517d3;p=libav.git avformat/flvenc: Check audio packet size Fixes: Assertion failure Fixes: assert_flvenc.c:941_1.swf Found-by: #CHEN HONGXU# Signed-off-by: Michael Niedermayer Gbp-Pq: Name CVE-2018-15822.patch
---
diff --git a/libavformat/flvenc.c b/libavformat/flvenc.c
index cc4c782..366eb3e 100644
--- a/libavformat/flvenc.c
+++ b/libavformat/flvenc.c
@@ -438,6 +438,11 @@ static int flv_write_packet(AVFormatContext *s, AVPacket *pkt)
 uint8_t *data = NULL;
 int flags = 0, flags_size;
+ if (enc->codec_type == AVMEDIA_TYPE_AUDIO && !pkt->size) {
+ av_log(s, AV_LOG_WARNING, "Empty audio Packet\n");
+ return AVERROR(EINVAL);
+ }
+
 if (enc->codec_id == AV_CODEC_ID_VP6F || enc->codec_id == AV_CODEC_ID_VP6A || enc->codec_id == AV_CODEC_ID_AAC) flags_size = 2;
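Review bot: The new guard at the top of flv_write_packet rejects only zero-length audio packets, so an empty video or data packet still runs the rest of the function; the assertion this commit fixes is outside the hunk, so it is worth confirming that no other stream type can reach it with `pkt->size == 0`, since the reproducer is a crafted input file. The message is logged at `AV_LOG_WARNING` while the function returns `AVERROR(EINVAL)`, which callers will presumably treat as a write failure; an error-level line that names the stream would match the return and help triage, e.g. `av_log(s, AV_LOG_ERROR, "Empty audio packet on stream %d\n", pkt->stream_index);`. A one-line comment above the check, such as `/* reject empty audio packets before the tag is built (CVE-2018-15822) */`, would record why it exists. The body of flv_write_packet starts and ends outside the hunk.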