RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

avformat/rpl: Check for number_of_chunks overflow 

Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int32_t' (aka 'int')
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-6086131095830528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2023-09-30 21:14:28 +02:00
parent 3508b496e1
commit b3c973acbe
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libavformat/rpl.c
View File

@ -268,6 +268,9 @@ static int rpl_read_header(AVFormatContext *s)
"Video stream will be broken!\n", av_fourcc2str(vst->codecpar->codec_tag)); "Video stream will be broken!\n", av_fourcc2str(vst->codecpar->codec_tag));
number_of_chunks = read_line_and_int(pb, &error); // number of chunks in the file number_of_chunks = read_line_and_int(pb, &error); // number of chunks in the file
if (number_of_chunks == INT_MAX)
return AVERROR_INVALIDDATA;
// The number in the header is actually the index of the last chunk. // The number in the header is actually the index of the last chunk.
number_of_chunks++; number_of_chunks++;