Headline
CVE-2018-15822: avformat/flvenc: Check audio packet size · FFmpeg/FFmpeg@6b67d7f
The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.
Permalink
Browse files
avformat/flvenc: Check audio packet size
Fixes: Assertion failure Fixes: assert_flvenc.c:941_1.swf
Found-by: #CHEN HONGXU# [email protected] Signed-off-by: Michael Niedermayer [email protected]
- Loading branch information
1 parent 476fd6b commit 6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10
Showing 1 changed file with 5 additions and 0 deletions.
@@ -883,6 +883,11 @@ static int flv_write_packet(AVFormatContext *s, AVPacket *pkt)
int flags = -1, flags_size, ret;
int64_t cur_offset = avio_tell(pb);
if (par->codec_type == AVMEDIA_TYPE_AUDIO && !pkt->size) {
av_log(s, AV_LOG_WARNING, “Empty audio Packet\n”);
return AVERROR(EINVAL);
}
if (par->codec_id == AV_CODEC_ID_VP6F || par->codec_id == AV_CODEC_ID_VP6A ||
par->codec_id == AV_CODEC_ID_VP6 || par->codec_id == AV_CODEC_ID_AAC)
flags_size = 2;
1 comment on commit 6b67d7f
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please sign in to comment.