[FFmpeg-cvslog] avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value()
Michael Niedermayer
git at videolan.org
Thu Apr 14 01:08:53 EEST 2022
ffmpeg | branch: release/3.4 | Michael Niedermayer <michael at niedermayer.cc> | Fri Feb 4 00:44:32 2022 +0100| [9eca5d77c4678da416212e78b8456faaf9df529d] | committer: Michael Niedermayer
avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value()
Fixes: pointer index expression with base 0x000000000000 overflowed to 0xffffffffffffffff
Fixes: 44012/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5670607746891776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 59328aabd2c789ae053e18a62a20a7addfd4d069)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9eca5d77c4678da416212e78b8456faaf9df529d
---
libavformat/utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/utils.c b/libavformat/utils.c
index cc5a06b127..cc1e574ddd 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -4808,7 +4808,7 @@ void ff_parse_key_value(const char *str, ff_parse_key_val_cb callback_get_buf,
key_len = ptr - key;
callback_get_buf(context, key, key_len, &dest, &dest_len);
- dest_end = dest + dest_len - 1;
+ dest_end = dest ? dest + dest_len - 1 : NULL;
if (*ptr == '\"') {
ptr++;
More information about the ffmpeg-cvslog
mailing list