diff options
author | Tomas Härdin <tomas.hardin@codemill.se> | 2012-10-24 16:51:41 +0200 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2012-10-24 17:44:35 +0200 |
commit | 1d22d269f54cc7e44f778bb6ffee96a172eb07a1 (patch) | |
tree | 0e8ef325f022c656dd8b48760a12e5e28fea5662 /libavformat/mxfdec.c | |
parent | 187630b2449f1eae1096f81f31bab7d81bed3cf1 (diff) |
mxfdec: Fix a potential DoS vector in mxf_read_pixel_layout()
There's a a potential DoS problem in this function. Say an MXF file is
created with a PixelLayout with a long run of non-zeroes. Such a file could be
sent quickly (packed) over the net and would unpack quite fast. mxfdec would
then read it byte-by-byte, which would take considerable time.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavformat/mxfdec.c')
-rw-r--r-- | libavformat/mxfdec.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 3f6b7d9b5e..d4ab49f119 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -792,7 +792,8 @@ static void mxf_read_pixel_layout(AVIOContext *pb, MXFDescriptor *descriptor) if (ofs <= 14) { layout[ofs++] = code; layout[ofs++] = value; - } + } else + break; /* don't read byte by byte on sneaky files filled with lots of non-zeroes */ } while (code != 0); /* SMPTE 377M E.2.46 */ ff_mxf_decode_pixel_layout(layout, &descriptor->pix_fmt); |