avformat/cinedec: Fix DoS due to lack of eof check
author孙浩 and 张洪亮(望初) <tony.sh and wangchu.zhl@alibaba-inc.com>
Thu, 24 Aug 2017 23:15:27 +0000 (01:15 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Sat, 9 Sep 2017 23:33:28 +0000 (01:33 +0200)
Fixes: loop.cine

Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7e80b63ecd259d69d383623e75b318bf2bd491f6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavformat/cinedec.c

index 763b93b..de34fb9 100644 (file)
@@ -267,8 +267,12 @@ static int cine_read_header(AVFormatContext *avctx)
 
     /* parse image offsets */
     avio_seek(pb, offImageOffsets, SEEK_SET);
-    for (i = 0; i < st->duration; i++)
+    for (i = 0; i < st->duration; i++) {
+        if (avio_feof(pb))
+            return AVERROR_INVALIDDATA;
+
         av_add_index_entry(st, avio_rl64(pb), i, 0, 0, AVINDEX_KEYFRAME);
+    }
 
     return 0;
 }