This is an automated email from the git hooks/post-receive script.
Git pushed a commit to branch master
in repository ffmpeg.
The following commit(s) were added to refs/heads/master by this push:
new dd9083cb89 avformat/http: reject request-line tokens not terminated by
whitespace
dd9083cb89 is described below
commit dd9083cb89c7f015d7fefe037a12e9e53d621cd9
Author: haoyuLiu <[email protected]>
AuthorDate: Wed Jun 10 03:40:50 2026 +0200
Commit: michaelni <[email protected]>
CommitDate: Fri Jun 12 16:47:05 2026 +0000
avformat/http: reject request-line tokens not terminated by whitespace
Fixes out of array access
Found-by: Cloud-LHY (@Clouditera-lhy) / VulnForge Security Research Team
Signed-off-by: Michael Niedermayer <[email protected]>
---
libavformat/http.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavformat/http.c b/libavformat/http.c
index fca9f55fe6..e0cf9e7424 100644
--- a/libavformat/http.c
+++ b/libavformat/http.c
@@ -1189,6 +1189,8 @@ static int process_line(URLContext *h, char *line, int
line_count, int *parsed_h
method = p;
while (*p && !av_isspace(*p))
p++;
+ if (!av_isspace(*p))
+ return ff_http_averror(400, AVERROR(EIO));
*(p++) = '\0';
av_log(h, AV_LOG_TRACE, "Received method: %s\n", method);
if (s->method) {
@@ -1215,6 +1217,8 @@ static int process_line(URLContext *h, char *line, int
line_count, int *parsed_h
resource = p;
while (*p && !av_isspace(*p))
p++;
+ if (!av_isspace(*p))
+ return ff_http_averror(400, AVERROR(EIO));
*(p++) = '\0';
av_log(h, AV_LOG_TRACE, "Requested resource: %s\n", resource);
if (!(s->resource = av_strdup(resource)))
_______________________________________________
ffmpeg-cvslog mailing list -- [email protected]
To unsubscribe send an email to [email protected]
