virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-10-30 23:18:11 +02:00
Code Issues Releases Activity

avformat/cafdec: Check that data chunk end fits within 64bit

Browse Source 
Fixes: signed integer overflow: 64 + 9223372036854775803 cannot be represented in type 'long long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6536881135550464
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6536881135550464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b792e4d4c7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2023-09-30 00:45:33 +02:00
parent 9459a45036
commit 356251d750
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
libavformat/cafdec.c
View File

@@ -343,6 +343,9 @@ static int read_header(AVFormatContext *s)
avio_skip(pb, 4); /* edit count */
caf->data_start = avio_tell(pb);
caf->data_size = size < 0 ? -1 : size - 4;
if (caf->data_start < 0 || caf->data_size > INT64_MAX - caf->data_start)
return AVERROR_INVALIDDATA;
if (caf->data_size > 0 && (pb->seekable & AVIO_SEEKABLE_NORMAL))
avio_skip(pb, caf->data_size);
found_data = 1;