Message ID | 20210724215247.20107-1-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 54b798638e68dcebed5c42a216b403004a97f73e |
Headers | show |
Series | [FFmpeg-devel] tools/target_dec_fuzzer: Fix extradata duplication | expand |
Context | Check | Description |
---|---|---|
andriy/x86_make | success | Make finished |
andriy/x86_make_fate | success | Make fate finished |
andriy/PPC64_make | success | Make finished |
andriy/PPC64_make_fate | success | Make fate finished |
On Sat, Jul 24, 2021 at 11:52:47PM +0200, Michael Niedermayer wrote: > Fixes: out of array access > Fixes: 36340/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5872546875572224.fuzz > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > tools/target_dec_fuzzer.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) will apply [...]
diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c index 3e7689b7ec..843b447f83 100644 --- a/tools/target_dec_fuzzer.c +++ b/tools/target_dec_fuzzer.c @@ -317,7 +317,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { } parser_avctx->codec_id = ctx->codec_id; parser_avctx->extradata_size = ctx->extradata_size; - parser_avctx->extradata = av_memdup(ctx->extradata, ctx->extradata_size); + parser_avctx->extradata = ctx->extradata ? av_memdup(ctx->extradata, ctx->extradata_size + AV_INPUT_BUFFER_PADDING_SIZE) : NULL; int got_frame;
Fixes: out of array access Fixes: 36340/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5872546875572224.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- tools/target_dec_fuzzer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)