This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/7.1 in repository ffmpeg.
commit 130fbf3569e334c5e903638b16f71d7174918f59 Author: haoyuLiu <[email protected]> AuthorDate: Wed Jun 10 03:40:50 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Thu Jun 18 20:31:03 2026 +0200 avformat/http: reject request-line tokens not terminated by whitespace Fixes out of array access Found-by: Cloud-LHY (@Clouditera-lhy) / VulnForge Security Research Team Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit dd9083cb89c7f015d7fefe037a12e9e53d621cd9) Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/http.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/http.c b/libavformat/http.c index 2ee4d71fb4..1ff399a7ff 100644 --- a/libavformat/http.c +++ b/libavformat/http.c @@ -1145,6 +1145,8 @@ static int process_line(URLContext *h, char *line, int line_count, int *parsed_h method = p; while (*p && !av_isspace(*p)) p++; + if (!av_isspace(*p)) + return ff_http_averror(400, AVERROR(EIO)); *(p++) = '\0'; av_log(h, AV_LOG_TRACE, "Received method: %s\n", method); if (s->method) { @@ -1171,6 +1173,8 @@ static int process_line(URLContext *h, char *line, int line_count, int *parsed_h resource = p; while (*p && !av_isspace(*p)) p++; + if (!av_isspace(*p)) + return ff_http_averror(400, AVERROR(EIO)); *(p++) = '\0'; av_log(h, AV_LOG_TRACE, "Requested resource: %s\n", resource); if (!(s->resource = av_strdup(resource))) _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
