[FFmpeg-cvslog] avformat/avidec: Limit formats in gab2 to srt and ass/ssa

Fri Jun 2 03:12:18 EEST 2017

ffmpeg | branch: release/3.3 | Michael Niedermayer <michael at niedermayer.cc> | Tue May 30 21:29:20 2017 +0200| [1998147f2ebcb0eff33438339b2051d159edb688] | committer: Michael Niedermayer

avformat/avidec: Limit formats in gab2 to srt and ass/ssa

This prevents part of one exploit leading to an information leak

Found-by: Emil Lerner and Pavel Cheremushkin
Reported-by: Thierry Foucu <tfoucu at google.com>

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a5d849b149ca67ced2d271dc84db0bc95a548abb)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1998147f2ebcb0eff33438339b2051d159edb688
---

 libavformat/avidec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/avidec.c b/libavformat/avidec.c
index 4e694fe447..ed043470f0 100644
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -1098,6 +1098,9 @@ static int read_gab2_sub(AVFormatContext *s, AVStream *st, AVPacket *pkt)
         if (!sub_demuxer)
             goto error;
 
+        if (strcmp(sub_demuxer->name, "srt") && strcmp(sub_demuxer->name, "ass"))
+            goto error;
+
         if (!(ast->sub_ctx = avformat_alloc_context()))
             goto error;
 

