[FFmpeg-devel] [PATCH 4/5] avformat/lvfdec: Check stream_index before use
Paul B Mahol
onemda at gmail.com
Sun Nov 8 22:21:45 EET 2020
LGTM
On Sun, Nov 8, 2020 at 12:18 AM Michael Niedermayer <michael at niedermayer.cc>
wrote:
> Fixes: assertion failure
> Fixes:
> 26905/clusterfuzz-testcase-minimized-ffmpeg_dem_LVF_fuzzer-5724267599364096.fuzz
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavformat/lvfdec.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/libavformat/lvfdec.c b/libavformat/lvfdec.c
> index 8b8d6f01b9..4c87728def 100644
> --- a/libavformat/lvfdec.c
> +++ b/libavformat/lvfdec.c
> @@ -106,6 +106,7 @@ static int lvf_read_packet(AVFormatContext *s,
> AVPacket *pkt)
> unsigned size, flags, timestamp, id;
> int64_t pos;
> int ret, is_video = 0;
> + int stream_index;
>
> pos = avio_tell(s->pb);
> while (!avio_feof(s->pb)) {
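Review bot: `int stream_index;` is declared signed, but the second hunk compares it with `s->nb_streams`, which is an unsigned int in AVFormatContext. The value is only ever 0 or 1, so the comparison behaves correctly, but declaring it on the existing `unsigned size, flags, timestamp, id;` line would avoid a sign-compare warning and keep the types consistent.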
> @@ -121,12 +122,15 @@ static int lvf_read_packet(AVFormatContext *s,
> AVPacket *pkt)
> case MKTAG('0', '1', 'w', 'b'):
> if (size < 8)
> return AVERROR_INVALIDDATA;
> + stream_index = is_video ? 0 : 1;
> + if (stream_index >= s->nb_streams)
> + return AVERROR_INVALIDDATA;
> timestamp = avio_rl32(s->pb);
> flags = avio_rl32(s->pb);
> ret = av_get_packet(s->pb, pkt, size - 8);
> if (flags & (1 << 12))
> pkt->flags |= AV_PKT_FLAG_KEY;
> - pkt->stream_index = is_video ? 0 : 1;
> + pkt->stream_index = stream_index;
> pkt->pts = timestamp;
> pkt->pos = pos;
> return ret;
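Review bot: the new `return AVERROR_INVALIDDATA;` after `if (stream_index >= s->nb_streams)` in the `01wb` case fails silently, so a user gets an invalid-data error with no hint that the chunk refers to a stream index this context does not have. Suggest logging before the return, for example `av_log(s, AV_LOG_ERROR, "chunk for missing stream %d\n", stream_index);`, and naming the guarded condition in the commit message, which currently says only "assertion failure".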
> --
> 2.17.1