mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-03-17 20:17:55 +02:00

avformat/icodec: Fix crash probing fuzzed file

Avoid invalid memory read/crash when frame offset >= 0xfffffff8.
Base64-encoded example: AAABADAwMDAwMAAAMAAwMDAw/P///w==
(The previous commit verifies that p->buf_size >= 22.)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 56e2cd9c042e05255aa28487694c29aaec023263)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
This commit is contained in:
Mark Harris 2016-02-15 23:52:13 -08:00 committed by Andreas Cadhalpun
parent e8ab2bd2ac
commit 9375a7d85e


@ -60,7 +60,7 @@ static int probe(AVProbeData *p)
offset = AV_RL32(p->buf + 18 + i * 16);
if (offset < 22)
return FFMIN(i, AVPROBE_SCORE_MAX / 4);
if (offset + 8 > p->buf_size)
if (offset > p->buf_size - 8)
return AVPROBE_SCORE_MAX / 4 + FFMIN(i, 1);
if (p->buf[offset] != 40 && AV_RB64(p->buf + offset) != PNGSIG)
return FFMIN(i, AVPROBE_SCORE_MAX / 4);
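Review bot: the rewritten bound `offset > p->buf_size - 8` is only safe because `p->buf_size - 8` cannot go negative, and that relies on the `p->buf_size >= 22` check the commit message attributes to the previous commit rather than on anything visible in this hunk; a one-line comment above the check (e.g. `/* buf_size >= 22 is verified earlier, so buf_size - 8 cannot underflow */`) would keep a later change to that earlier check from silently reintroducing the problem. The old form `offset + 8 > p->buf_size` wraps to a small value once `offset` reaches 0xfffffff8, so the check passed and the following `p->buf[offset]` and `AV_RB64(p->buf + offset)` reads could run past the probe buffer; the new form guarantees `offset + 8 <= p->buf_size`, which is exactly what the 8-byte `AV_RB64` read needs.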