avformat/asfdec: Fix DoS in asf_build_simple_index()

Fixes: Missing EOF check in loop No testcase Found-by: Xiaohei and Wangchu from Alibaba Security Team Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/asfdec: Fix DoS in asf_build_simple_index()
Fixes: Missing EOF check in loop No testcase Found-by: Xiaohei and Wangchu from Alibaba Security Team Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
afc9c683 · Michael Niedermayer · 9cb4eb77 · afc9c683
Commit afc9c683 authored Sep 04, 2017 by Michael Niedermayer
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

asfdec_f.c libavformat/asfdec_f.c +5 -0

No files found.
--- a/libavformat/asfdec_f.c
+++ b/libavformat/asfdec_f.c
@@ -1610,6 +1610,11 @@ static int asf_build_simple_index(AVFormatContext *s, int stream_index)
            int64_t pos       = s->internal->data_offset + s->packet_size * (int64_t)pktnum;
            int64_t index_pts = FFMAX(av_rescale(itime, i, 10000) - asf->hdr.preroll, 0);

+            if (avio_feof(s->pb)) {
+                ret = AVERROR_INVALIDDATA;
+                goto end;
+            }
+
            if (pos != last_pos) {
                av_log(s, AV_LOG_DEBUG, "pktnum:%d, pktct:%d  pts: %"PRId64"\n",
                       pktnum, pktct, index_pts);