virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-10-30 23:18:11 +02:00
Code Issues Releases Activity

avformat/icodec: Fix crash probing fuzzed file

Browse Source 
Avoid invalid memory read/crash when frame offset >= 0xfffffff8.
Base64-encoded example: AAABADAwMDAwMAAAMAAwMDAw/P///w==
(The previous commit verifies that p->buf_size >= 22.)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Mark Harris
2016-02-15 23:52:13 -08:00
committed by Michael Niedermayer
parent 1b4fbf8080
commit 56e2cd9c04
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libavformat/icodec.c
View File

@@ -63,7 +63,7 @@ static int probe(AVProbeData *p)
offset = AV_RL32(p->buf + 18 + i * 16);
if (offset < 22)
return FFMIN(i, AVPROBE_SCORE_MAX / 4);
if (offset + 8 > p->buf_size)
if (offset > p->buf_size - 8)
continue;
if (p->buf[offset] != 40 && AV_RB64(p->buf + offset) != PNGSIG)
return FFMIN(i, AVPROBE_SCORE_MAX / 4);