RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

avformat/icodec: Fix crash probing fuzzed file 

Avoid invalid memory read/crash when frame offset >= 0xfffffff8.
Base64-encoded example: AAABADAwMDAwMAAAMAAwMDAw/P///w==
(The previous commit verifies that p->buf_size >= 22.)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Mark Harris 2016-02-15 23:52:13 -08:00 committed by Michael Niedermayer
parent 1b4fbf8080
commit 56e2cd9c04
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavformat/icodec.c
View File

@ -63,7 +63,7 @@ static int probe(AVProbeData *p)
offset = AV_RL32(p->buf + 18 + i * 16); offset = AV_RL32(p->buf + 18 + i * 16);
if (offset < 22) if (offset < 22)
return FFMIN(i, AVPROBE_SCORE_MAX / 4); return FFMIN(i, AVPROBE_SCORE_MAX / 4);
if (offset + 8 > p->buf_size) if (offset > p->buf_size - 8)
continue; continue;
if (p->buf[offset] != 40 && AV_RB64(p->buf + offset) != PNGSIG) if (p->buf[offset] != 40 && AV_RB64(p->buf + offset) != PNGSIG)
return FFMIN(i, AVPROBE_SCORE_MAX / 4); return FFMIN(i, AVPROBE_SCORE_MAX / 4);