virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-26 19:01:44 +02:00
Code Issues Releases Activity

tools/target_dem_fuzzer: Consider it an EIO when reading position wraps around 64bit

Browse Source 
Fixes: signed integer overflow: 9223372036854775807 + 564 cannot be represented in type 'long'
Fixes: 26494/clusterfuzz-testcase-minimized-ffmpeg_dem_VOC_fuzzer-576754158849228
Fixes: 26549/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS_fuzzer-4844306424397824
FIxes: 26875/clusterfuzz-testcase-minimized-ffmpeg_dem_C93_fuzzer-5996226782429184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2020-10-23 10:48:36 +02:00
parent 79cf7c7191
commit 8fbcc546b8
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tools/target_dem_fuzzer.c
View File

@ -49,6 +49,8 @@ static int io_read(void *opaque, uint8_t *buf, int buf_size)
c->filesize = FFMIN(c->pos, c->filesize);
return AVERROR_EOF;
}
if (c->pos > INT64_MAX - size)
return AVERROR(EIO);
memcpy(buf, c->fuzz, size);
c->fuzz += size;