avformat/cafdec: Check for EOF in index read loop

Fixes: OOM Fixes: 27398/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-541296033975500 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-18 00:58:37 +01:00 · 2020-11-18 00:58:37 +01:00 · eb46939e3a
parent 5eed718087
commit eb46939e3a
1 changed files with 2 additions and 0 deletions
--- a/libavformat/cafdec.c
+++ b/libavformat/cafdec.c
@ -205,6 +205,8 @@ static int read_pakt_chunk(AVFormatContext *s, int64_t size)

    st->duration = 0;
    for (i = 0; i < num_packets; i++) {
+        if (avio_feof(pb))
+            return AVERROR_INVALIDDATA;
        av_add_index_entry(s->streams[0], pos, st->duration, 0, 0, AVINDEX_KEYFRAME);
        pos += caf->bytes_per_packet ? caf->bytes_per_packet : ff_mp4_read_descr_len(pb);
        st->duration += caf->frames_per_packet ? caf->frames_per_packet : ff_mp4_read_descr_len(pb);