virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-13 21:28:01 +02:00
Code Issues Releases Activity

avcodec/hevc_mp4toannexb_bsf: check that nalu size doesnt overflow

Browse Source 
Fixes: Out of array access
Fixes: 19299/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_MP4TOANNEXB_fuzzer-5169193398042624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a8ceb2a72f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2019-12-13 00:50:21 +01:00
parent 0ab57e0626
commit a0868285c0
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libavcodec/hevc_mp4toannexb_bsf.c
View File

@ -152,8 +152,7 @@ static int hevc_mp4toannexb_filter(AVBSFContext *ctx, AVPacket *out)
extra_size = add_extradata * ctx->par_out->extradata_size;
got_irap |= is_irap;
if (SIZE_MAX - nalu_size < 4 ||
SIZE_MAX - 4 - nalu_size < extra_size) {
if (FFMIN(INT_MAX, SIZE_MAX) < 4ULL + nalu_size + extra_size) {
ret = AVERROR_INVALIDDATA;
goto fail;
}