[FFmpeg-devel] [PATCH 4/6] avformat/flvdec: Check for nesting depth in amf_parse_object()
Michael Niedermayer
michael at niedermayer.cc
Mon Jan 25 22:29:21 EET 2021
On Sun, Jan 24, 2021 at 02:14:43PM +0100, Anton Khirnov wrote:
> Quoting Michael Niedermayer (2021-01-23 23:10:54)
> > Fixes: out of array access
> > Fixes: 29202/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5112845840809984
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> > libavformat/flvdec.c | 5 +++++
> > 1 file changed, 5 insertions(+)
> >
> > diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
> > index 07ef342278..e15be0a221 100644
> > --- a/libavformat/flvdec.c
> > +++ b/libavformat/flvdec.c
> > @@ -41,6 +41,8 @@
> >
> > #define RESYNC_BUFFER_SIZE (1<<20)
> >
> > +#define MAX_DEPTH 10
>
> Why 10 specifically.
10 is arbitrary, we could pick 5 or 100 probably
> And which buffer overflows?
stack
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Observe your enemies, for they first find out your faults. -- Antisthenes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20210125/a2134aac/attachment.sig>
More information about the ffmpeg-devel
mailing list