From 50a37f9202a86c3dcdd7076ecf8f0d446c542b25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Sat, 23 Feb 2013 19:44:46 +0100 Subject: [PATCH] pmpdec: check for EOF while reading index. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Otherwise even a tiny file can trigger a huge memory allocation. Related to ticket #2298. Signed-off-by: Reimar Döffinger --- libavformat/pmpdec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/pmpdec.c b/libavformat/pmpdec.c index 2ea37ef030..313370787e 100644 --- a/libavformat/pmpdec.c +++ b/libavformat/pmpdec.c @@ -105,6 +105,10 @@ static int pmp_header(AVFormatContext *s) for (i = 0; i < index_cnt; i++) { int size = avio_rl32(pb); int flags = size & 1 ? AVINDEX_KEYFRAME : 0; + if (url_feof(pb)) { + av_log(s, AV_LOG_FATAL, "Encountered EOF while reading index.\n"); + return AVERROR_INVALIDDATA; + } size >>= 1; av_add_index_entry(vst, pos, i, size, 0, flags); pos += size;