virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-26 19:01:44 +02:00
Code Issues Releases Activity

avformat/wtvdec: Check len in parse_chunks() to avoid overflow

Browse Source 
Fixes: signed integer overflow: 2147483647 + 7 cannot be represented in type 'int'
Fixes: 30084/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-6192261941559296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2021-02-08 14:29:01 +01:00
parent 69754e07f5
commit 5552ceaf56
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavformat/wtvdec.c
View File

@ -794,7 +794,7 @@ static int parse_chunks(AVFormatContext *s, int mode, int64_t seekts, int *len_p
ff_get_guid(pb, &g);
len = avio_rl32(pb);
if (len < 32) {
if (len < 32 || len > INT_MAX - 7) {
int ret;
if (avio_feof(pb))
return AVERROR_EOF;