[FFmpeg-devel] [PATCH 1/6] avcodec/osq: Check that pkt_offset does not exceed pkt size
Michael Niedermayer
michael at niedermayer.cc
Thu Sep 21 21:09:07 EEST 2023
Fixes: out of array access
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6227491892887552
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6268561729126400
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6414805046788096
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6538151088488448
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6608131540779008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/osq.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavcodec/osq.c b/libavcodec/osq.c
index e7f11691d2e..bcc75fef6fc 100644
--- a/libavcodec/osq.c
+++ b/libavcodec/osq.c
@@ -408,6 +408,9 @@ static int osq_receive_frame(AVCodecContext *avctx, AVFrame *frame)
GetBitContext *gb = &s->gb;
int ret, n;
+ if (s->pkt_offset > s->pkt->size)
+ s->pkt_offset = 0;
+
while (s->bitstream_size < s->max_framesize) {
int size;
--
2.17.1
More information about the ffmpeg-devel
mailing list