[FFmpeg-devel] [PATCH 1/2] avcodec/cinepak: Check slice_size before allocating image
Michael Niedermayer
michael at niedermayer.cc
Tue Apr 30 22:05:07 EEST 2019
On Sun, Apr 28, 2019 at 04:53:53PM +0200, Tomas Härdin wrote:
> sön 2019-04-28 klockan 11:42 +0200 skrev Michael Niedermayer:
> > Fixes: Timeout (16sec -> 125msec)
> > Fixes: 14283/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CINEPAK_fuzzer-5742851457024000
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> > libavcodec/cinepak.c | 7 +++++++
> > 1 file changed, 7 insertions(+)
> >
> > diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c
> > index 9b0077402f..d26c505222 100644
> > --- a/libavcodec/cinepak.c
> > +++ b/libavcodec/cinepak.c
> > @@ -353,6 +353,13 @@ static int cinepak_predecode_check (CinepakContext *s)
> > if (s->size < 10 + s->sega_film_skip_bytes + num_strips * 12)
> > return AVERROR_INVALIDDATA;
> >
> > + if (num_strips) {
> > + uint8_t *data = s->data + 10 + s->sega_film_skip_bytes;
> > + int strip_size = AV_RB24 (data + 1);
>
> Should be OK since the check just before this ensures data[0..11] are
> valid
will apply patch
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Never trust a computer, one day, it may think you are the virus. -- Compn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20190430/211886d4/attachment.sig>
More information about the ffmpeg-devel
mailing list