| Message ID | 20210330113129.14852-2-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | f7a515044766426cf3cac20bdc091b700f00a458 |
| Headers | show |
| Series | [FFmpeg-devel,1/5] avcodec/h265_metadata_bsf: Check nb_units before accessing the first in h265_metadata_update_fragment() | expand |
| Context | Check | Description |
|---|---|---|
| andriy/x86_make | success | Make finished |
| andriy/x86_make_fate | success | Make fate finished |
| andriy/PPC64_make | success | Make finished |
| andriy/PPC64_make_fate | success | Make fate finished |
diff --git a/libavformat/imx.c b/libavformat/imx.c index d203ed7a28..22fca0bdc0 100644 --- a/libavformat/imx.c +++ b/libavformat/imx.c @@ -113,6 +113,8 @@ retry: imx->first_video_packet_pos = pos; break; case 0xAA98: + if (chunk_size > 256 * 3) + return AVERROR_INVALIDDATA; for (int i = 0; i < chunk_size / 3; i++) { unsigned r = avio_r8(pb) << 18; unsigned g = avio_r8(pb) << 10;
Fixes: out of array write Fixes: 32116/clusterfuzz-testcase-minimized-ffmpeg_dem_SIMBIOSIS_IMX_fuzzer-6702533894602752 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/imx.c | 2 ++ 1 file changed, 2 insertions(+)