mirror of https://git.ffmpeg.org/ffmpeg.git
avformat/rmdec: Better duplicate tags check
Fixes: memleaks
Fixes: 44810/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5619494647627776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15a646e501
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
parent
5a67ee5797
commit
7f094e829e
|
@ -127,10 +127,6 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb,
|
||||||
uint32_t version;
|
uint32_t version;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
// Duplicate tags
|
|
||||||
if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO)
|
|
||||||
return AVERROR_INVALIDDATA;
|
|
||||||
|
|
||||||
/* ra type header */
|
/* ra type header */
|
||||||
version = avio_rb16(pb); /* version */
|
version = avio_rb16(pb); /* version */
|
||||||
if (version == 3) {
|
if (version == 3) {
|
||||||
|
@ -330,6 +326,11 @@ int ff_rm_read_mdpr_codecdata(AVFormatContext *s, AVIOContext *pb,
|
||||||
if (codec_data_size == 0)
|
if (codec_data_size == 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
// Duplicate tags
|
||||||
|
if ( st->codecpar->codec_type != AVMEDIA_TYPE_UNKNOWN
|
||||||
|
&& st->codecpar->codec_type != AVMEDIA_TYPE_DATA)
|
||||||
|
return AVERROR_INVALIDDATA;
|
||||||
|
|
||||||
avpriv_set_pts_info(st, 64, 1, 1000);
|
avpriv_set_pts_info(st, 64, 1, 1000);
|
||||||
codec_pos = avio_tell(pb);
|
codec_pos = avio_tell(pb);
|
||||||
v = avio_rb32(pb);
|
v = avio_rb32(pb);
|
||||||
|
|
Loading…
Reference in New Issue