From 166dc895f7531c44cb8c1103542c205efcd426de Mon Sep 17 00:00:00 2001
From: lamtung-monash <lam.nguyentung@monash.edu>
Date: Mon, 29 Dec 2025 15:40:50 +0800
Subject: [PATCH] Fix DoS due to lack of eof check

---
 3rdparty/ffmpeg/libavformat/rl2.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/3rdparty/ffmpeg/libavformat/rl2.c b/3rdparty/ffmpeg/libavformat/rl2.c
index 50170166..dacd65cd 100644
--- a/3rdparty/ffmpeg/libavformat/rl2.c
+++ b/3rdparty/ffmpeg/libavformat/rl2.c
@@ -170,12 +170,21 @@ static av_cold int rl2_read_header(AVFormatContext *s)
     }
 
     /** read offset and size tables */
-    for(i=0; i < frame_count;i++)
+    for(i=0; i < frame_count;i++) {
+        if (avio_feof(pb))
+            return AVERROR_INVALIDDATA;
         chunk_size[i] = avio_rl32(pb);
-    for(i=0; i < frame_count;i++)
+    }
+    for(i=0; i < frame_count;i++) {
+        if (avio_feof(pb))
+            return AVERROR_INVALIDDATA;
         chunk_offset[i] = avio_rl32(pb);
-    for(i=0; i < frame_count;i++)
+    }
+    for(i=0; i < frame_count;i++) {
+        if (avio_feof(pb))
+            return AVERROR_INVALIDDATA;
         audio_size[i] = avio_rl32(pb) & 0xFFFF;
+    }
 
     /** build the sample index */
     for(i=0;i<frame_count;i++){