Message ID | 20201023183940.31485-6-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | fcc263caa9e11a1f94431a6d356a48003c636ef6 |
Series | [FFmpeg-devel,1/8] avcodec/magicyuv: Check slice size before reading flags and pred |
Context | Check | Description |
---|---|---|
andriy/x86_make | success | Make finished |
andriy/x86_make_fate | success | Make fate finished |

On Fri, Oct 23, 2020 at 08:39:38PM +0200, Michael Niedermayer wrote:
> Fixes: NULL ptr dereference
> Fixes: 26508/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-5694725249826816
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/aaxdec.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

will apply

[...]

diff --git a/libavformat/aaxdec.c b/libavformat/aaxdec.c index 3db6e9bc6d..7d10e805ca 100644 --- a/libavformat/aaxdec.c +++ b/libavformat/aaxdec.c @@ -232,7 +232,7 @@ static int aax_read_header(AVFormatContext *s) int64_t col_offset; int flag, type; - if (strcmp(a->xcolumns[c].name, "data")) + if (!a->xcolumns[c].name || strcmp(a->xcolumns[c].name, "data")) continue; type = a->xcolumns[c].type;
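
Review bot: The new `!a->xcolumns[c].name ||` test in aax_read_header guards only this one strcmp, and it silently treats a column with no name as "not data" and continues. If a NULL name means the column table was malformed, it may be better to fail with an error where the names are filled in, so that any other user of xcolumns[c].name is covered as well; either way, a one-line comment stating when name can be NULL would help the next reader.
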
Fixes: NULL ptr dereference
Fixes: 26508/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-5694725249826816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/aaxdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)