This is an automated email from the git hooks/post-receive script.

Git pushed a commit to branch master
in repository ffmpeg.

The following commit(s) were added to refs/heads/master by this push:
     new 11d5f475be avformat/rtpdec_asf: reject ASF objects smaller than their header
11d5f475be is described below

commit 11d5f475be95d22d5f0692220cc772b116abc632
Author:     Pavel Kohout <[email protected]>
AuthorDate: Tue Jun 30 21:55:16 2026 +0200
Commit:     michaelni <[email protected]>
CommitDate: Thu Jul 2 13:32:21 2026 +0000

    avformat/rtpdec_asf: reject ASF objects smaller than their header
    
    Fixes: infinite loop
    Fixes: MzWwJdpZF2Ls
    Fixes: c2f3eec445389d67afc8c699ba23915a20cae51c (Implement RTSP-MS/ASF packet parsing.)
    Found-by: Pavel Kohout (Aisle Research)
    Signed-off-by: Michael Niedermayer <[email protected]>
---
 libavformat/rtpdec_asf.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/rtpdec_asf.c b/libavformat/rtpdec_asf.c
index b3b346f3cc..f7fa69e27f 100644
--- a/libavformat/rtpdec_asf.c
+++ b/libavformat/rtpdec_asf.c
@@ -56,6 +56,8 @@ static int rtp_asf_fix_header(uint8_t *buf, int len)
         uint64_t chunksize = AV_RL64(p + sizeof(ff_asf_guid));
         int skip = 6 * 8 + 3 * 4 + sizeof(ff_asf_guid) * 2;
         if (memcmp(p, ff_asf_file_header, sizeof(ff_asf_guid))) {
+            if (chunksize < sizeof(ff_asf_guid) + 8)
+                return -1;
             if (chunksize > end - p)
                 return -1;
             p += chunksize;
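
Review bot: the bound in the added check, `sizeof(ff_asf_guid) + 8`, uses a bare 8 for the 64-bit size field that `AV_RL64(p + sizeof(ff_asf_guid))` reads on the first context line. A short comment or a named constant stating that this is the minimum object header (GUID plus size field) would explain why a smaller chunksize is rejected: `p += chunksize` would otherwise advance by less than one header and, at 0, not advance at all, which matches the infinite loop named in the commit message. The check also sits only in the branch for objects that do not match ff_asf_file_header; it is worth confirming that the file-header branch, which is not visible in this hunk, does not depend on chunksize in the same way.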
