This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/6.1 in repository ffmpeg.
commit 976f4c0347e0da0636d43d234e3872ff20285750 Author: haoyuLiu <[email protected]> AuthorDate: Wed Jun 10 03:40:50 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Sun Jun 14 20:01:25 2026 +0200 avformat/http: reject request-line tokens not terminated by whitespace Fixes out of array access Found-by: Cloud-LHY (@Clouditera-lhy) / VulnForge Security Research Team Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit dd9083cb89c7f015d7fefe037a12e9e53d621cd9) Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 1c15586d038910757e74a21941e87c1cf32e6c74) --- libavformat/http.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/http.c b/libavformat/http.c index 975e708684..eeb9427572 100644 --- a/libavformat/http.c +++ b/libavformat/http.c @@ -1108,6 +1108,8 @@ static int process_line(URLContext *h, char *line, int line_count) method = p; while (*p && !av_isspace(*p)) p++; + if (!av_isspace(*p)) + return ff_http_averror(400, AVERROR(EIO)); *(p++) = '\0'; av_log(h, AV_LOG_TRACE, "Received method: %s\n", method); if (s->method) { @@ -1134,6 +1136,8 @@ static int process_line(URLContext *h, char *line, int line_count) resource = p; while (*p && !av_isspace(*p)) p++; + if (!av_isspace(*p)) + return ff_http_averror(400, AVERROR(EIO)); *(p++) = '\0'; av_log(h, AV_LOG_TRACE, "Requested resource: %s\n", resource); if (!(s->resource = av_strdup(resource))) _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
