diff mbox series

[FFmpeg-devel] avformat/oggparsevorbis: Error out on double init of vp

Message ID 20200113095933.21601-1-michael@niedermayer.cc
State New
Headers show
Series [FFmpeg-devel] avformat/oggparsevorbis: Error out on double init of vp | expand

Checks

Context Check Description
andriy/ffmpeg-patchwork success Make fate finished

Commit Message

Michael Niedermayer Jan. 13, 2020, 9:59 a.m. UTC 
Fixes: memleak
Fixes: 19949/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5743636058210304

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/oggparsevorbis.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Paul B Mahol Jan. 13, 2020, 11:43 a.m. UTC | #1 
NAK

On 1/13/20, Michael Niedermayer <michael@niedermayer.cc> wrote:
> Fixes: memleak
> Fixes:
> 19949/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5743636058210304
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/oggparsevorbis.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/oggparsevorbis.c b/libavformat/oggparsevorbis.c
> index 43f05f928a..889c7950d3 100644
> --- a/libavformat/oggparsevorbis.c
> +++ b/libavformat/oggparsevorbis.c
> @@ -230,7 +230,7 @@ static int fixup_vorbis_headers(AVFormatContext *as,
>      len = priv->len[0] + priv->len[1] + priv->len[2];
>      buf_len = len + len / 255 + 64;
>
> -    if (*buf)
> +    if (*buf || priv->vp)
>          return AVERROR_INVALIDDATA;
>
>      ptr = *buf = av_realloc(NULL, buf_len);
> --
> 2.24.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
diff mbox series

Patch

diff --git a/libavformat/oggparsevorbis.c b/libavformat/oggparsevorbis.c
index 43f05f928a..889c7950d3 100644
--- a/libavformat/oggparsevorbis.c
+++ b/libavformat/oggparsevorbis.c
@@ -230,7 +230,7 @@  static int fixup_vorbis_headers(AVFormatContext *as,
     len = priv->len[0] + priv->len[1] + priv->len[2];
     buf_len = len + len / 255 + 64;
 
-    if (*buf)
+    if (*buf || priv->vp)
         return AVERROR_INVALIDDATA;
 
     ptr = *buf = av_realloc(NULL, buf_len);