mirror of
https://git.ffmpeg.org/ffmpeg.git
synced 2024-12-21 06:50:44 +00:00
avcodec/exr: Cleanup befor return
Fixes: leaks Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6703454090559488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
parent
d31d4f3228
commit
885ff3b879
@ -1930,8 +1930,10 @@ static int decode_header(EXRContext *s, AVFrame *frame)
|
||||
|
||||
bytestream2_get_buffer(gb, key, FFMIN(sizeof(key) - 1, var_size));
|
||||
if (strncmp("scanlineimage", key, var_size) &&
|
||||
strncmp("tiledimage", key, var_size))
|
||||
return AVERROR_PATCHWELCOME;
|
||||
strncmp("tiledimage", key, var_size)) {
|
||||
ret = AVERROR_PATCHWELCOME;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
continue;
|
||||
} else if ((var_size = check_header_variable(s, "preview",
|
||||
@ -1939,12 +1941,16 @@ static int decode_header(EXRContext *s, AVFrame *frame)
|
||||
uint32_t pw = bytestream2_get_le32(gb);
|
||||
uint32_t ph = bytestream2_get_le32(gb);
|
||||
uint64_t psize = pw * ph;
|
||||
if (psize > INT64_MAX / 4)
|
||||
return AVERROR_INVALIDDATA;
|
||||
if (psize > INT64_MAX / 4) {
|
||||
ret = AVERROR_INVALIDDATA;
|
||||
goto fail;
|
||||
}
|
||||
psize *= 4;
|
||||
|
||||
if ((int64_t)psize >= bytestream2_get_bytes_left(gb))
|
||||
return AVERROR_INVALIDDATA;
|
||||
if ((int64_t)psize >= bytestream2_get_bytes_left(gb)) {
|
||||
ret = AVERROR_INVALIDDATA;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
bytestream2_skip(gb, psize);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user