virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

avformat/id3v2: Check the return from avio_get_str()

Browse Source 
Fixes: out of array access
Fixes: 29446/clusterfuzz-testcase-minimized-ffmpeg_dem_AAC_fuzzer-5096222622875648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2021-01-31 16:14:03 +01:00
parent 7a23952614
commit 25f240fcb3
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libavformat/id3v2.c
View File

@ -605,7 +605,10 @@ static void read_apic(AVFormatContext *s, AVIOContext *pb, int taglen,
/* mimetype */
if (isv34) {
taglen -= avio_get_str(pb, taglen, mimetype, sizeof(mimetype));
int ret = avio_get_str(pb, taglen, mimetype, sizeof(mimetype));
if (ret < 0 || ret >= taglen)
goto fail;
taglen -= ret;
} else {
if (avio_read(pb, mimetype, 3) < 0)
goto fail;