mirror of
https://git.ffmpeg.org/ffmpeg.git
synced 2024-12-24 08:12:44 +00:00
avformat/vividas: Check that value from ffio_read_varlen() does not overflow
Fixes: signed integer overflow: -1241665686 + -1340629419 cannot be represented in type 'int' Fixes: 15922/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5692826442006528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
parent
8bac648359
commit
07357cd933
@ -374,8 +374,11 @@ static int track_header(VividasDemuxContext *viv, AVFormatContext *s, uint8_t *
|
||||
ffio_read_varlen(pb); // len_3
|
||||
num_data = avio_r8(pb);
|
||||
for (j = 0; j < num_data; j++) {
|
||||
data_len[j] = ffio_read_varlen(pb);
|
||||
xd_size += data_len[j];
|
||||
uint64_t len = ffio_read_varlen(pb);
|
||||
if (len > INT_MAX/2 - xd_size)
|
||||
return AVERROR_INVALIDDATA;
|
||||
data_len[j] = len;
|
||||
xd_size += len;
|
||||
}
|
||||
|
||||
st->codecpar->extradata_size = 64 + xd_size + xd_size / 255;
|
||||
|
Loading…
Reference in New Issue
Block a user