highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mxfdec: Fix a potential DoS vector in mxf_read_pixel_layout()

Browse Source 
There's a a potential DoS problem in this function. Say an MXF file is
created with a PixelLayout with a long run of non-zeroes. Such a file could be
sent quickly (packed) over the net and would unpack quite fast. mxfdec would
then read it byte-by-byte, which would take considerable time.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Tomas Härdin 2012-10-24 16:51:41 +02:00 committed by Michael Niedermayer
parent 187630b244
commit 1d22d269f5
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libavformat/mxfdec.c
View File

@ -792,7 +792,8 @@ static void mxf_read_pixel_layout(AVIOContext *pb, MXFDescriptor *descriptor)
if (ofs <= 14) { if (ofs <= 14) {
layout[ofs++] = code; layout[ofs++] = code;
layout[ofs++] = value; layout[ofs++] = value;
} } else
break; /* don't read byte by byte on sneaky files filled with lots of non-zeroes */
} while (code != 0); /* SMPTE 377M E.2.46 */ } while (code != 0); /* SMPTE 377M E.2.46 */
ff_mxf_decode_pixel_layout(layout, &descriptor->pix_fmt); ff_mxf_decode_pixel_layout(layout, &descriptor->pix_fmt);