diff mbox series

[FFmpeg-devel,2/4] avformat/vividas: Check for EOF in first loop in track_header()

Message ID 20200920202608.11653-2-michael@niedermayer.cc
State Accepted
Commit 7170d342e597a39f48d1bedb3a2382f25a324155
Headers show
Series [FFmpeg-devel,1/4] avformat/wvdec: Check rate for overflow | expand

Checks

Context Check Description
andriy/default pending
andriy/make success Make finished
andriy/make_fate success Make fate finished

Commit Message

Michael Niedermayer Sept. 20, 2020, 8:26 p.m. UTC 
Fixes: timeout (243sec -> a few ms)
Fixes: 25716/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5764093666131968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/vividas.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Paul B Mahol Sept. 20, 2020, 10:34 p.m. UTC | #1 
On Sun, Sep 20, 2020 at 10:26:06PM +0200, Michael Niedermayer wrote:
> Fixes: timeout (243sec -> a few ms)
> Fixes: 25716/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5764093666131968
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/vividas.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/libavformat/vividas.c b/libavformat/vividas.c
> index 36c007b0d2..7917df5d64 100644
> --- a/libavformat/vividas.c
> +++ b/libavformat/vividas.c
> @@ -293,6 +293,8 @@ static int track_header(VividasDemuxContext *viv, AVFormatContext *s,  uint8_t *
>  
>      for (i=0;i<val_1;i++) {
>          int c = avio_r8(pb);
> +        if (avio_feof(pb))
> +            return AVERROR_EOF;
>          for (j=0;j<c;j++) {
>              if (avio_feof(pb))
>                  return AVERROR_EOF;
> -- 

Generally acceptable.
Michael Niedermayer Sept. 21, 2020, 9:57 a.m. UTC | #2 
On Mon, Sep 21, 2020 at 12:34:58AM +0200, Paul B Mahol wrote:
> On Sun, Sep 20, 2020 at 10:26:06PM +0200, Michael Niedermayer wrote:
> > Fixes: timeout (243sec -> a few ms)
> > Fixes: 25716/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5764093666131968
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavformat/vividas.c | 2 ++
> >  1 file changed, 2 insertions(+)
> > 
> > diff --git a/libavformat/vividas.c b/libavformat/vividas.c
> > index 36c007b0d2..7917df5d64 100644
> > --- a/libavformat/vividas.c
> > +++ b/libavformat/vividas.c
> > @@ -293,6 +293,8 @@ static int track_header(VividasDemuxContext *viv, AVFormatContext *s,  uint8_t *
> >  
> >      for (i=0;i<val_1;i++) {
> >          int c = avio_r8(pb);
> > +        if (avio_feof(pb))
> > +            return AVERROR_EOF;
> >          for (j=0;j<c;j++) {
> >              if (avio_feof(pb))
> >                  return AVERROR_EOF;
> > -- 
> 
> Generally acceptable.

will apply

thx

[...]
diff mbox series

Patch

diff --git a/libavformat/vividas.c b/libavformat/vividas.c
index 36c007b0d2..7917df5d64 100644
--- a/libavformat/vividas.c
+++ b/libavformat/vividas.c
@@ -293,6 +293,8 @@  static int track_header(VividasDemuxContext *viv, AVFormatContext *s,  uint8_t *
 
     for (i=0;i<val_1;i++) {
         int c = avio_r8(pb);
+        if (avio_feof(pb))
+            return AVERROR_EOF;
         for (j=0;j<c;j++) {
             if (avio_feof(pb))
                 return AVERROR_EOF;