diff mbox series

[FFmpeg-devel,3/3] avformat/flvdec: Check for EOF in amf_parse_object()

Message ID 20201008191915.18532-3-michael@niedermayer.cc
State New
Headers show
Series [FFmpeg-devel,1/3] avcodec/h264_slice: fix undefined integer overflow with POC in error concealment
Related show

Checks

Context Check Description
andriy/default pending
andriy/make success Make finished
andriy/make_fate success Make fate finished

Commit Message

Michael Niedermayer Oct. 8, 2020, 7:19 p.m. UTC
Fixes: Timeout (too long -> 1ms)
Fixes: 26108/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5653887668977664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/flvdec.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Steven Liu Oct. 9, 2020, 2:37 p.m. UTC | #1
> 在 2020年10月9日,03:19,Michael Niedermayer <michael@niedermayer.cc> 写道:
> 
> Fixes: Timeout (too long -> 1ms)
> Fixes: 26108/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5653887668977664
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavformat/flvdec.c | 3 +++
> 1 file changed, 3 insertions(+)
> 
> diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
> index d480d0bc67..e6786e8b38 100644
> --- a/libavformat/flvdec.c
> +++ b/libavformat/flvdec.c
> @@ -493,8 +493,11 @@ static int amf_parse_object(AVFormatContext *s, AVStream *astream,
>     double num_val;
>     amf_date date;
> 
> +
empty line?
>     num_val  = 0;
>     ioc      = s->pb;
> +    if (avio_feof(ioc))
> +        return AVERROR_EOF;
>     amf_type = avio_r8(ioc);
> 
>     switch (amf_type) {
> -- 
> 2.17.1
> 
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> 
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Thanks
Steven
Michael Niedermayer Oct. 9, 2020, 4:47 p.m. UTC | #2
On Fri, Oct 09, 2020 at 10:37:20PM +0800, Steven Liu wrote:
> 
> 
> > 在 2020年10月9日,03:19,Michael Niedermayer <michael@niedermayer.cc> 写道:
> > 
> > Fixes: Timeout (too long -> 1ms)
> > Fixes: 26108/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5653887668977664
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> > libavformat/flvdec.c | 3 +++
> > 1 file changed, 3 insertions(+)
> > 
> > diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
> > index d480d0bc67..e6786e8b38 100644
> > --- a/libavformat/flvdec.c
> > +++ b/libavformat/flvdec.c
> > @@ -493,8 +493,11 @@ static int amf_parse_object(AVFormatContext *s, AVStream *astream,
> >     double num_val;
> >     amf_date date;
> > 
> > +
> empty line?

removed

thx

[...]
Michael Niedermayer Oct. 17, 2020, 12:37 p.m. UTC | #3
On Fri, Oct 09, 2020 at 06:47:15PM +0200, Michael Niedermayer wrote:
> On Fri, Oct 09, 2020 at 10:37:20PM +0800, Steven Liu wrote:
> > 
> > 
> > > 在 2020年10月9日,03:19,Michael Niedermayer <michael@niedermayer.cc> 写道:
> > > 
> > > Fixes: Timeout (too long -> 1ms)
> > > Fixes: 26108/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5653887668977664
> > > 
> > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > > ---
> > > libavformat/flvdec.c | 3 +++
> > > 1 file changed, 3 insertions(+)
> > > 
> > > diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
> > > index d480d0bc67..e6786e8b38 100644
> > > --- a/libavformat/flvdec.c
> > > +++ b/libavformat/flvdec.c
> > > @@ -493,8 +493,11 @@ static int amf_parse_object(AVFormatContext *s, AVStream *astream,
> > >     double num_val;
> > >     amf_date date;
> > > 
> > > +
> > empty line?
> 
> removed

will apply

[...]
diff mbox series

Patch

diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
index d480d0bc67..e6786e8b38 100644
--- a/libavformat/flvdec.c
+++ b/libavformat/flvdec.c
@@ -493,8 +493,11 @@  static int amf_parse_object(AVFormatContext *s, AVStream *astream,
     double num_val;
     amf_date date;
 
+
     num_val  = 0;
     ioc      = s->pb;
+    if (avio_feof(ioc))
+        return AVERROR_EOF;
     amf_type = avio_r8(ioc);
 
     switch (amf_type) {