1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00

avformat/concatdec: use av_strstart()

Fixes: out array read
Fixes: 26610/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-5631838049271808

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2610acb49a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2020-10-31 23:46:33 +01:00
parent 633f4568be
commit 7186ab2b7d

View File

@ -111,7 +111,8 @@ static int add_file(AVFormatContext *avf, char *filename, ConcatFile **rfile,
ConcatFile *file;
char *url = NULL;
const char *proto;
size_t url_len, proto_len;
const char *ptr;
size_t url_len;
int ret;
if (cat->safe > 0 && !safe_filename(filename)) {
@ -120,9 +121,8 @@ static int add_file(AVFormatContext *avf, char *filename, ConcatFile **rfile,
}
proto = avio_find_protocol_name(filename);
proto_len = proto ? strlen(proto) : 0;
if (proto && !memcmp(filename, proto, proto_len) &&
(filename[proto_len] == ':' || filename[proto_len] == ',')) {
if (proto && av_strstart(filename, proto, &ptr) &&
(*ptr == ':' || *ptr == ',')) {
url = filename;
filename = NULL;
} else {