
[FFmpeg-devel,1/3] avformat/electronicarts: Clear partial_packet on error

Message ID 20210211223927.10122-1-michael@niedermayer.cc
State Accepted
Commit 59bb9dc2a670cbe5d659585392b6d79f7bb6d40f
Series [FFmpeg-devel,1/3] avformat/electronicarts: Clear partial_packet on error

Checks

Context                  Check    Description
andriy/x86_make          success  Make finished
andriy/x86_make_fate     success  Make fate finished
andriy/PPC64_make        success  Make finished
andriy/PPC64_make_fate   success  Make fate finished

Commit Message

Michael Niedermayer Feb. 11, 2021, 10:39 p.m. UTC
Fixes: Infinite loop
Fixes: 30165/clusterfuzz-testcase-minimized-ffmpeg_dem_EA_fuzzer-6224642371092480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/electronicarts.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Paul B Mahol Feb. 11, 2021, 10:41 p.m. UTC | #1
lgtm

Michael Niedermayer Feb. 12, 2021, 10:01 a.m. UTC | #2
On Thu, Feb 11, 2021 at 11:41:04PM +0100, Paul B Mahol wrote:
> lgtm

will apply

thx

[...]

Andreas Rheinhardt Feb. 12, 2021, 11 a.m. UTC | #3
Michael Niedermayer:
> Fixes: Infinite loop
> Fixes: 30165/clusterfuzz-testcase-minimized-ffmpeg_dem_EA_fuzzer-6224642371092480
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/electronicarts.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/libavformat/electronicarts.c b/libavformat/electronicarts.c
> index a98a8d604e..7c0d6a2e37 100644
> --- a/libavformat/electronicarts.c
> +++ b/libavformat/electronicarts.c
> @@ -728,6 +728,7 @@ get_video_packet:
>                  ret = av_get_packet(pb, pkt, chunk_size);
>              if (ret < 0) {
>                  packet_read = 1;
> +                partial_packet = 0;
>                  break;
>              }
>              partial_packet = chunk_type == MVIh_TAG;
> 
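Review bot: In the `if (ret < 0)` branch, leaving the loop with the error now depends on two flags being set in tandem, `packet_read = 1;` and `partial_packet = 0;`, before `break;`. `partial_packet` is otherwise assigned only after a successful read (`partial_packet = chunk_type == MVIh_TAG;`), so on any failure path it still holds the value from an earlier chunk. It is worth checking whether other error exits in this loop need the same reset, and whether a single error exit that does not consult the flags at all would be less fragile.
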
This will make sure that we break out of the loop; furthermore, the code
overwriting ret with AVERROR(EAGAIN) will not be triggered and ret will
be returned. So why not just return ret here?

- Andreas

Patch

diff --git a/libavformat/electronicarts.c b/libavformat/electronicarts.c
index a98a8d604e..7c0d6a2e37 100644
--- a/libavformat/electronicarts.c
+++ b/libavformat/electronicarts.c
@@ -728,6 +728,7 @@  get_video_packet:
                 ret = av_get_packet(pb, pkt, chunk_size);
             if (ret < 0) {
                 packet_read = 1;
+                partial_packet = 0;
                 break;
             }
             partial_packet = chunk_type == MVIh_TAG;
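
Review bot: The added `partial_packet = 0;` in the `if (ret < 0)` branch carries no comment, and the commit message says only "Fixes: Infinite loop" without stating how a set flag leads to one. A one-line comment on the new statement saying why the flag must be cleared after a failed `av_get_packet()` would keep a later cleanup from dropping it as redundant next to `packet_read = 1;`, and the same sentence in the commit message would make the fix checkable without the fuzzer test case.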