[FFmpeg-devel] [PATCH 3/5] avformat/aaxdec: Check avio_seek() in inner loop for failure
James Almer
jamrial at gmail.com
Tue Apr 13 19:09:52 EEST 2021
On 4/13/2021 12:45 PM, Michael Niedermayer wrote:
> Fixes: Timeout
> Fixes: 32450/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-4875522262827008
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavformat/aaxdec.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/libavformat/aaxdec.c b/libavformat/aaxdec.c
> index c6d2d1c8d1..ff9768efac 100644
> --- a/libavformat/aaxdec.c
> +++ b/libavformat/aaxdec.c
> @@ -249,7 +249,10 @@ static int aax_read_header(AVFormatContext *s)
> goto fail;
> }
>
> - avio_seek(pb, data_offset, SEEK_SET);
> + ret = avio_seek(pb, data_offset, SEEK_SET);
There's another unchecked seek, and for both you should use an int64_t
variable to store the return value, otherwise values > INT_MAX could be
misinterpreted as errors.
> + if (ret < 0)
> + goto fail;
> +
> if (type == COLUMN_TYPE_VLDATA) {
> int64_t start, size;
>
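Review bot: on the `ret = avio_seek(pb, data_offset, SEEK_SET);` line, avio_seek() returns an int64_t position, so if `ret` is the function's int, as the inline reply indicates, the value is narrowed before the `if (ret < 0)` test and a large valid offset can take `goto fail`. Keep the seek result in a separate int64_t, test that, and assign a narrowed error code to `ret` only on the failure path so the `fail` label still returns a meaningful error. The commit message could also say why an ignored seek failure at this point leads to the reported timeout.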
>
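The misinterpretation the reply describes, as an added example that is not part of the original message or of FFmpeg's code. `demo_seek` is a hypothetical stand-in for `avio_seek()`, `DEMO_EIO` is a constructed error value, and `ret` is assumed to be an `int` as the reply implies.

```c
#include <stdint.h>
#include <limits.h>
#include <stdio.h>

#define DEMO_EIO (-5)   /* constructed error code, stands in for an AVERROR value */

/* Hypothetical stand-in for avio_seek(): returns the new position as an
 * int64_t, or a negative error code when the target is outside the file. */
static int64_t demo_seek(int64_t file_size, int64_t offset)
{
    if (offset < 0 || offset > file_size)
        return DEMO_EIO;
    return offset;
}

/* Pattern in the patch when ret is an int: the 64-bit position is narrowed
 * before the sign test. Out-of-range narrowing is implementation-defined;
 * common compilers keep the low 32 bits. */
static int seek_checked_int(int64_t file_size, int64_t offset)
{
    int ret = (int)demo_seek(file_size, offset);
    if (ret < 0)
        return ret;             /* may be a valid position misread as an error */
    return 0;
}

/* What the reply asks for: test the full int64_t, narrow only real errors. */
static int seek_checked_int64(int64_t file_size, int64_t offset)
{
    int64_t pos = demo_seek(file_size, offset);
    if (pos < 0)
        return (int)pos;        /* error codes fit in an int */
    return 0;
}

int main(void)
{
    const int64_t size = INT64_C(1) << 33;                 /* constructed 8 GiB file */
    const int64_t offs[] = { 1000, (int64_t)INT_MAX + 1,   /* small, just past INT_MAX */
                             size - 5, size + 1 };         /* low bits equal -5, past EOF */
    for (int i = 0; i < 4; i++)
        printf("offset %lld: int check %d, int64_t check %d\n", (long long)offs[i],
               seek_checked_int(size, offs[i]), seek_checked_int64(size, offs[i]));
    return 0;
}
```

The third offset is a valid position whose low 32 bits equal the constructed error code, so the `int` check reports it as that specific error.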