PR #23428 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23428 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23428.patch
Fixes out of array access Found-by: Cloud-LHY (@Clouditera-lhy) / VulnForge Security Research Team Signed-off-by: Michael Niedermayer <[email protected]> >From c25fe9ec2e1e148abed70a21c7430ac76b7e698d Mon Sep 17 00:00:00 2001 From: haoyuLiu <[email protected]> Date: Wed, 10 Jun 2026 03:40:50 +0200 Subject: [PATCH] avformat/http: reject request-line tokens not terminated by whitespace Fixes out of array access Found-by: Cloud-LHY (@Clouditera-lhy) / VulnForge Security Research Team Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/http.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/http.c b/libavformat/http.c index fca9f55fe6..e0cf9e7424 100644 --- a/libavformat/http.c +++ b/libavformat/http.c @@ -1189,6 +1189,8 @@ static int process_line(URLContext *h, char *line, int line_count, int *parsed_h method = p; while (*p && !av_isspace(*p)) p++; + if (!av_isspace(*p)) + return ff_http_averror(400, AVERROR(EIO)); *(p++) = '\0'; av_log(h, AV_LOG_TRACE, "Received method: %s\n", method); if (s->method) { @@ -1215,6 +1217,8 @@ static int process_line(URLContext *h, char *line, int line_count, int *parsed_h resource = p; while (*p && !av_isspace(*p)) p++; + if (!av_isspace(*p)) + return ff_http_averror(400, AVERROR(EIO)); *(p++) = '\0'; av_log(h, AV_LOG_TRACE, "Requested resource: %s\n", resource); if (!(s->resource = av_strdup(resource))) -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
