[FFmpeg-devel] [PATCH 2/2] avformat/mxfdec: Error out on duplicated utf16 strings
Marton Balint
cus at passwd.hu
Sun Jun 14 21:19:18 EEST 2020
On Sun, 14 Jun 2020, Michael Niedermayer wrote:
> Alternatively we could free the already allocated element
Yeah, I kind of prefer that, we potentially allow non-string values to
occur multiple times, so I'd say let's allow string values as well, even
if that is not common. (I am not sure if it is strictly invalid or just
uncommon).
Regards,
Marton
> Fixes: memleak
> Fixes: 23415/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5124814510751744
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavformat/mxfdec.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> index a60bdfeade..3b354864d9 100644
> --- a/libavformat/mxfdec.c
> +++ b/libavformat/mxfdec.c
> @@ -867,6 +867,8 @@ static inline int mxf_read_utf16_string(AVIOContext *pb, int size, char** str, i
> return AVERROR(EINVAL);
>
> buf_size = size + size / 2 + 1;
> + if (*str)
> + return AVERROR_INVALIDDATA;
> *str = av_malloc(buf_size);
> if (!*str)
> return AVERROR(ENOMEM);
> --
> 2.17.1
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
More information about the ffmpeg-devel
mailing list