multimedia/ffmpeg/files/patch-CVE-2018-7751


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

commit 3fa6e594a0f2575ddb6b2183961fde42ab5ab37b
Author: Michael Niedermayer <michael@niedermayer.cc>
Date:   Sat Mar 10 01:40:36 2018 +0100

    avformat/img2dec: fix infinite loop
    
    Fixes: kira-poc
    
    Found-by: Kira <kira_cxy@foxmail.com>
    Change suggested by Kira
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
    (cherry picked from commit a6cba062051f345e8ebfdff34aba071ed73d923f)
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/img2dec.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git libavformat/img2dec.c libavformat/img2dec.c
index ecf64eaffa..2585634e7c 100644
--- libavformat/img2dec.c
+++ libavformat/img2dec.c
@@ -878,10 +878,14 @@ static int svg_probe(AVProbeData *p)
 {
     const uint8_t *b = p->buf;
     const uint8_t *end = p->buf + p->buf_size;
+
     if (memcmp(p->buf, "<?xml", 5))
         return 0;
     while (b < end) {
-        b += ff_subtitles_next_line(b);
+        int inc = ff_subtitles_next_line(b);
+        if (!inc)
+            break;
+        b += inc;
         if (b >= end - 4)
             return 0;
         if (!memcmp(b, "<svg", 4))