highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

avformat/id3v2: Check the return from avio_get_str()

Browse Source 
Fixes: out of array access
Fixes: 29446/clusterfuzz-testcase-minimized-ffmpeg_dem_AAC_fuzzer-5096222622875648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 25f240fcb398eb499ca4b70c026a8bb9f2a32731)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2021-01-31 16:14:03 +01:00
parent ae3364bc30
commit ac7566e2d8
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libavformat/id3v2.c
View File

@ -611,7 +611,10 @@ static void read_apic(AVFormatContext *s, AVIOContext *pb, int taglen,
/* mimetype */
if (isv34) {
taglen -= avio_get_str(pb, taglen, mimetype, sizeof(mimetype));
int ret = avio_get_str(pb, taglen, mimetype, sizeof(mimetype));
if (ret < 0 || ret >= taglen)
goto fail;
taglen -= ret;
} else {
if (avio_read(pb, mimetype, 3) < 0)
goto fail;