virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-04 22:03:09 +02:00
Code Issues Releases Activity

avformat/flvdec: don't skip backwards or over EOF

Browse Source 
Skipping backwards (and even forwards) resets the EOF flag, and can thus
lead to infinite looping if the conditions are just right.

Fixes: Infinite loop
Fixes: 427538726/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-6582567304495104

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
This commit is contained in:
Timo Rothenpieler
2025-07-14 21:54:35 +02:00
parent 483e509169
commit 9015d595a1
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
libavformat/flvdec.c
View File

@ -1860,8 +1860,16 @@ retry_duration:
next_track: next_track:
if (track_size) { if (track_size) {
av_log(s, AV_LOG_WARNING, "Track size mismatch: %d!\n", track_size); av_log(s, AV_LOG_WARNING, "Track size mismatch: %d!\n", track_size);
avio_skip(s->pb, track_size); if (!avio_feof(s->pb)) {
size -= track_size; if (track_size > 0) {
avio_skip(s->pb, track_size);
size -= track_size;
} else {
/* We have somehow read more than the track had to offer, leave and re-sync */
ret = FFERROR_REDO;
goto leave;
}
}
} }
if (!size) if (!size)