[FFmpeg-devel] [PATCH] avformat/oggparseflac: check init_get_bits' result
Paul Arzelier
paul.arzelier at free.fr
Wed May 31 00:21:36 EEST 2023
From: Polochon-street <polochonstreet at gmx.fr>
Check init_get_bits' result for NULL, to avoid dereferencing a NULL
pointer later (CWE-476).
Without this, a segfault happens when trying to decode a handcrafted
ogg-flac file with an absurdly long (e.g. 268435455 bytes) ogg header.
Thanks to jamrial for basically writing this patch after I reported the bug!
Signed-off-by: Paul Arzelier <paul.arzelier at free.fr>
---
libavformat/oggparseflac.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libavformat/oggparseflac.c b/libavformat/oggparseflac.c
index eef6e09927..557440d94b 100644
--- a/libavformat/oggparseflac.c
+++ b/libavformat/oggparseflac.c
@@ -40,7 +40,10 @@ flac_header (AVFormatContext * s, int idx)
if (os->buf[os->pstart] == 0xff)
return 0;
- init_get_bits(&gb, os->buf + os->pstart, os->psize*8);
+ ret = init_get_bits8(&gb, os->buf + os->pstart, os->psize);
+ if (ret < 0)
+ return ret;
+
skip_bits1(&gb); /* metadata_last */
mdt = get_bits(&gb, 7);
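Review bot: The commit message says the result is checked "for NULL", but the added `if (ret < 0)` tests an integer return code, so the message should describe it as checking the return value for an error. The message also does not mention that the call changes from `init_get_bits` with `os->psize*8` to `init_get_bits8` with `os->psize`. A sentence on why the bit-size multiplication no longer happens at the call site would help readers connect the change to the oversized-header case it describes. Finally, `ret` is assigned here but the hunk adds no declaration, and the diffstat's 4 insertions are all in this hunk. Please confirm that `ret` is already declared as an int in flac_header.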
--
2.40.1