From f5f8cc3ab8825f178de3f6714bfbff8b3f293fd2 Mon Sep 17 00:00:00 2001
From: Francois Cartegnie <fcvlcdev@free.fr>
Date: Thu, 22 Oct 2020 16:40:48 +0200
Subject: [PATCH] demux: avi: check subindex, fix potential invalid deref
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reported by: Zhen Zhou, NSFOCUS Security Team
Signed-off-by: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
(cherry picked from commit 072c3bf621f34efbc81048bd5db585f554b9d1b0)
Signed-off-by: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
---
 modules/demux/avi/avi.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/demux/avi/avi.c b/modules/demux/avi/avi.c
index 8a39b5dd775..fbd08b6422a 100644
--- a/modules/demux/avi/avi.c
+++ b/modules/demux/avi/avi.c
@@ -2660,7 +2660,8 @@ static void AVI_IndexLoad_indx( demux_t *p_demux,
 {
 break;
 }
- if( ck_sub.indx.i_indextype == AVI_INDEX_OF_CHUNKS )
+ if( ck_sub.common.i_chunk_fourcc == AVIFOURCC_indx &&
+ ck_sub.indx.i_indextype == AVI_INDEX_OF_CHUNKS )
 __Parse_indx( p_demux, &p_index[i_stream], pi_last_offset, &ck_sub.indx );
 AVI_ChunkClean( p_demux->s, &ck_sub );
 }
-- 
GitLab
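Review bot: A sub-chunk that is not an `indx` is now skipped silently at the new two-line `if` guarding `__Parse_indx`, so a corrupt or crafted file leaves that stream's index partly loaded with no trace in the log. An `else msg_Warn( p_demux, "sub-index chunk is not an indx, skipping" );` on that `if` would make the condition visible to anyone triaging a bad file. The guard also deserves a one-line comment, since the reason for it is not obvious from the code: `/* ck_sub is filled according to the chunk actually read; only trust .indx once the fourcc says indx */`. This assumes `ck_sub` is a union of chunk layouts, which the `.common` / `.indx` accesses suggest but the hunk does not show. Whether `__Parse_indx` bounds-checks the entry count it reads from `ck_sub.indx` is also not visible here and should be confirmed; the body of `AVI_IndexLoad_indx` starts and ends outside the hunk.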