Chiebot-Mirror
/
FFmpeg
mirror of https://github.com/FFmpeg/FFmpeg.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

avcodec/agm: More completely check size before using it

Browse Source 
Fixes: out of array access
Fixes: 13997/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5701427252428800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
pull/310/head
Michael Niedermayer 6 years ago
parent ee16d14b0a
commit 8e3b01e20e
1 changed files with 2 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      libavcodec/agm.c

3
libavcodec/agm.c
Unescape View File

@ -562,7 +562,8 @@ static int decode_frame(AVCodecContext *avctx, void *data,
for (int i = 0; i < 3; i++)
s->size[i] = bytestream2_get_le32(gbyte);
if (32LL + s->size[0] + s->size[1] + s->size[2] > avpkt->size)
if (s->size[0] < 0 || s->size[1] < 0 || s->size[2] < 0 ||
32LL + s->size[0] + s->size[1] + s->size[2] > avpkt->size)
return AVERROR_INVALIDDATA;
if ((ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF)) < 0)

Write Preview
Loading…
Cancel
Save