avformat/wavdec: Check for EOF in cues reading

Fixes: Timeout (>20sec -> 1ms) Fixes: 26793/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-5674966852567040 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-01 22:18:49 +01:00 · 2020-11-01 22:18:49 +01:00 · 72ca9f38e4
parent a834af133b
commit 72ca9f38e4
1 changed files with 3 additions and 0 deletions
--- a/libavformat/wavdec.c
+++ b/libavformat/wavdec.c
@ -558,6 +558,9 @@ static int wav_read_header(AVFormatContext *s)
                    for (int i = 0; i < nb_cues; i++) {
                        unsigned offset, id = avio_rl32(pb);

+                        if (avio_feof(pb))
+                            return AVERROR_INVALIDDATA;
+
                        avio_skip(pb, 16);
                        offset = avio_rl32(pb);