Message ID | 20201027162119.19025-1-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 0ba71a72d3a617b255b71988a000d5093222f779 |
Series | [FFmpeg-devel,1/4] avformat/aiffdec: Check packet size |

Context | Check | Description |
---|---|---|
andriy/x86_make | success | Make finished |
andriy/x86_make_fate | success | Make fate finished |
On Tue, Oct 27, 2020 at 05:21:16PM +0100, Michael Niedermayer wrote:
> Fixes: Fixes infinite loop
> Fixes: 26575/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-5727522236661760
>
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/aiffdec.c | 2 ++
>  1 file changed, 2 insertions(+)

will apply

[...]

diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c index c650e9074d..15733478e1 100644 --- a/libavformat/aiffdec.c +++ b/libavformat/aiffdec.c @@ -406,6 +406,8 @@ static int aiff_read_packet(AVFormatContext *s, break; default: size = st->codecpar->block_align ? (MAX_SIZE / st->codecpar->block_align) * st->codecpar->block_align : MAX_SIZE; + if (!size) + return AVERROR_INVALIDDATA; } size = FFMIN(max_size, size); res = av_get_packet(s->pb, pkt, size);
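
Review bot: The new `if (!size)` check in the `default:` branch of aiff_read_packet() carries no comment saying when size can be zero. From the expression just above it, that happens when block_align is larger than MAX_SIZE, so `MAX_SIZE / st->codecpar->block_align` truncates to 0. A one-line comment stating this would help the next reader, and if block_align does not change after the header is parsed, the same condition could be rejected once at that point instead of on every packet read. The check also covers only this branch: the case ending in `break;` just above it and the later `size = FFMIN(max_size, size);` are not guarded by these lines, so it is worth confirming that neither can pass a zero size to av_get_packet().
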
Fixes: Fixes infinite loop
Fixes: 26575/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-5727522236661760

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/aiffdec.c | 2 ++
 1 file changed, 2 insertions(+)