RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

avformat/lafdec: Check for EOF in header reading 

Fixes: OOM testcase
Fixes: 51527/clusterfuzz-testcase-minimized-ffmpeg_dem_LAF_fuzzer-5453663505612800

OOM can still happen after this as an arbitrary sized block is allocated and read
this would require a redesign or some limit on the sample rate.

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2022-11-12 18:14:19 +01:00
parent 64c6c56890
commit b92260f70a
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libavformat/lafdec.c
View File

@ -111,6 +111,9 @@ static int laf_read_header(AVFormatContext *ctx)
sample_rate = avio_rl32(pb);
duration = avio_rl64(pb) / st_count;
if (avio_feof(pb))
return AVERROR_INVALIDDATA;
switch (quality) {
case 0:
codec_id = AV_CODEC_ID_PCM_U8;