[FFmpeg-devel] [PATCH 2/3] avformat/cafdec: Check for EOF in index read loop
Michael Niedermayer
michael at niedermayer.cc
Wed Nov 18 23:08:17 EET 2020
Fixes: OOM
Fixes: 27398/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-541296033975500
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavformat/cafdec.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c
index ec297dfa7d..1080f48891 100644
--- a/libavformat/cafdec.c
+++ b/libavformat/cafdec.c
@@ -202,6 +202,8 @@ static int read_pakt_chunk(AVFormatContext *s, int64_t size)
st->duration = 0;
for (i = 0; i < num_packets; i++) {
+ if (avio_feof(pb))
+ return AVERROR_INVALIDDATA;
av_add_index_entry(s->streams[0], pos, st->duration, 0, 0, AVINDEX_KEYFRAME);
pos += caf->bytes_per_packet ? caf->bytes_per_packet : ff_mp4_read_descr_len(pb);
st->duration += caf->frames_per_packet ? caf->frames_per_packet : ff_mp4_read_descr_len(pb);
--
2.17.1
More information about the ffmpeg-devel
mailing list