apps/ffmpeg-rockchip
1
0
Fork 0
mirror of https://github.com/nyanmisaka/ffmpeg-rockchip.git synced 2025-10-31 12:36:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

avformat/bfi: Check offsets better

Browse Source 
Fixes: signed integer overflow: -2145378272 - 538976288 cannot be represented in type 'int'
Fixes: 45690/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5015496544616448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2022-03-20 23:24:40 +01:00
parent ffc8772150
commit 35dc93ab44
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
libavformat/bfi.c
View File

@@ -140,12 +140,12 @@ static int bfi_read_packet(AVFormatContext * s, AVPacket * pkt)
audio_offset = avio_rl32(pb);
avio_rl32(pb);
video_offset = avio_rl32(pb);
audio_size = video_offset - audio_offset;
bfi->video_size = chunk_size - video_offset;
if (audio_size < 0 || bfi->video_size < 0) {
if (audio_offset < 0 || video_offset < audio_offset || chunk_size < video_offset) {
av_log(s, AV_LOG_ERROR, "Invalid audio/video offsets or chunk size\n");
return AVERROR_INVALIDDATA;
}
audio_size = video_offset - audio_offset;
bfi->video_size = chunk_size - video_offset;
//Tossing an audio packet at the audio decoder.
ret = av_get_packet(pb, pkt, audio_size);