avformat/avidec: Limit formats in gab2 to srt and ass/ssa
authorMichael Niedermayer <michael@niedermayer.cc>
Tue, 30 May 2017 19:29:20 +0000 (21:29 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Wed, 31 May 2017 00:32:42 +0000 (02:32 +0200)
This prevents part of one exploit leading to an information leak

Found-by: Emil Lerner and Pavel Cheremushkin
Reported-by: Thierry Foucu <tfoucu@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavformat/avidec.c

index b6ef0ac..df52092 100644 (file)
@@ -1099,6 +1099,9 @@ static int read_gab2_sub(AVFormatContext *s, AVStream *st, AVPacket *pkt)
         if (!sub_demuxer)
             goto error;
 
+        if (strcmp(sub_demuxer->name, "srt") && strcmp(sub_demuxer->name, "ass"))
+            goto error;
+
         if (!(ast->sub_ctx = avformat_alloc_context()))
             goto error;