[FFmpeg-devel] [PATCH 5/7] avformat/mpegts: Limit copied data to space
Marton Balint
cus at passwd.hu
Thu Nov 5 00:17:53 EET 2020
On Wed, 4 Nov 2020, Michael Niedermayer wrote:
> Fixes: out of array access
> Fixes: 26816/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-6282861159907328.fuzz
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavformat/mpegts.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c
> index ebb09991dc..80d010db6c 100644
> --- a/libavformat/mpegts.c
> +++ b/libavformat/mpegts.c
> @@ -3169,7 +3169,7 @@ static int mpegts_raw_read_packet(AVFormatContext *s, AVPacket *pkt)
> return ret;
> }
> if (data != pkt->data)
> - memcpy(pkt->data, data, ts->raw_packet_size);
> + memcpy(pkt->data, data, TS_PACKET_SIZE);
> finished_reading_packet(s, ts->raw_packet_size);
> if (ts->mpeg2ts_compute_pcr) {
> /* compute exact PCR for each packet */
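Review bot: the memcpy length on the changed line is now the constant TS_PACKET_SIZE while the very next line still passes ts->raw_packet_size to finished_reading_packet(), and nothing in the hunk says why the two sizes are allowed to differ. A short comment above the memcpy stating that pkt->data only has room for TS_PACKET_SIZE bytes (the "space" in the subject line) would keep a later cleanup from reverting to ts->raw_packet_size. The packet allocation is outside the visible context, so if pkt->size is what the buffer was allocated with, bounding the copy by pkt->size would tie the length to the destination directly instead of relying on the constant matching it.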
LGTM, thanks.
Marton