diff mbox series

[FFmpeg-devel,5/8] uavformat/rsd: check for EOF in extradata

Message ID 20201023183940.31485-5-michael@niedermayer.cc
State Accepted
Commit 7186ec88b98bc589f1403985ab10cc7f77461ec8
Headers show
Series [FFmpeg-devel,1/8] avcodec/magicyuv: Check slice size before reading flags and pred | expand

Checks

Context Check Description
andriy/x86_make success Make finished
andriy/x86_make_fate success Make fate finished

Commit Message

Michael Niedermayer Oct. 23, 2020, 6:39 p.m. UTC 
Fixes: OOM
Fixes: 26503/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6530816735444992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/rsd.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Michael Niedermayer Jan. 11, 2021, 10:13 p.m. UTC | #1 
On Fri, Oct 23, 2020 at 08:39:37PM +0200, Michael Niedermayer wrote:
> Fixes: OOM
> Fixes: 26503/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6530816735444992
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/rsd.c | 2 ++
>  1 file changed, 2 insertions(+)

will apply

[...]
diff mbox series

Patch

diff --git a/libavformat/rsd.c b/libavformat/rsd.c
index e23c8abae5..933b1dbadc 100644
--- a/libavformat/rsd.c
+++ b/libavformat/rsd.c
@@ -139,6 +139,8 @@  static int rsd_read_header(AVFormatContext *s)
             return ret;
 
         for (i = 0; i < par->channels; i++) {
+            if (avio_feof(pb))
+                return AVERROR_EOF;
             avio_read(s->pb, st->codecpar->extradata + 32 * i, 32);
             avio_skip(s->pb, 8);
         }