[FFmpeg-devel] [PATCH] avformat/iamf_parse: add missing padding to AAC extradata
Michael Niedermayer
michael at niedermayer.cc
Wed Jun 19 00:42:29 EEST 2024
On Mon, Jun 17, 2024 at 09:49:01PM -0300, James Almer wrote:
> Fixes: out of array access
> Fixes: 68863/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-4833546039525376
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: James Almer <jamrial at gmail.com>
> ---
> libavformat/iamf_parse.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/libavformat/iamf_parse.c b/libavformat/iamf_parse.c
> index 312090b247..ff1b6cc75b 100644
> --- a/libavformat/iamf_parse.c
> +++ b/libavformat/iamf_parse.c
> @@ -92,13 +92,16 @@ static int aac_decoder_config(IAMFCodecConfig *codec_config,
> if (left <= 0)
> return AVERROR_INVALIDDATA;
>
> - codec_config->extradata = av_malloc(left);
> + // We pad extradata here because avpriv_mpeg4audio_get_config2() needs it.
> + codec_config->extradata = av_malloc(left + AV_INPUT_BUFFER_PADDING_SIZE);
can this overflow ?
except that, it fixes the testcase
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Modern terrorism, a quick summary: Need oil, start war with country that
has oil, kill hundread thousand in war. Let country fall into chaos,
be surprised about raise of fundamantalists. Drop more bombs, kill more
people, be surprised about them taking revenge and drop even more bombs
and strip your own citizens of their rights and freedoms. to be continued
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20240618/0c28dc08/attachment.sig>
More information about the ffmpeg-devel
mailing list