RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

avformat/rawvideodec: check packet size 

Fixes: division by zero
Fixes: integer overflow
Fixes: 43347/clusterfuzz-testcase-minimized-ffmpeg_dem_V210X_fuzzer-5846911637127168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: lance.lmwang@gmail.com
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2022-01-07 17:51:11 +01:00
parent c936c319bd
commit c36a5dfc8f
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libavformat/rawvideodec.c
View File

@ -42,6 +42,7 @@ static int rawvideo_read_header(AVFormatContext *ctx)
enum AVPixelFormat pix_fmt; enum AVPixelFormat pix_fmt;
AVStream *st; AVStream *st;
int packet_size; int packet_size;
int ret;
st = avformat_new_stream(ctx, NULL); st = avformat_new_stream(ctx, NULL);
if (!st) if (!st)
@ -62,6 +63,10 @@ static int rawvideo_read_header(AVFormatContext *ctx)
avpriv_set_pts_info(st, 64, s->framerate.den, s->framerate.num); avpriv_set_pts_info(st, 64, s->framerate.den, s->framerate.num);
ret = av_image_check_size(s->width, s->height, 0, ctx);
if (ret < 0)
return ret;
st->codecpar->width = s->width; st->codecpar->width = s->width;
st->codecpar->height = s->height; st->codecpar->height = s->height;
@ -100,6 +105,8 @@ static int rawvideo_read_header(AVFormatContext *ctx)
if (packet_size < 0) if (packet_size < 0)
return packet_size; return packet_size;
} }
if (packet_size == 0)
return AVERROR(EINVAL);
st->codecpar->format = pix_fmt; st->codecpar->format = pix_fmt;
ctx->packet_size = packet_size; ctx->packet_size = packet_size;