highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

avcodec/dnxhd_parser: Fix parser when input does not have nicely sized packets

Browse Source 
Fixes: out of array access
Fixes: 15522/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DNXHD_fuzzer-5747756078989312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d900d8fe0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2019-07-06 11:51:09 +02:00
parent 2e20f02df4
commit ddda370a97
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
libavcodec/dnxhd_parser.c
View File

@@ -79,8 +79,9 @@ static int dnxhd_find_frame_end(DNXHDParserContext *dctx,
if (remaining <= 0)
continue;
}
remaining += i - 47;
dctx->remaining = remaining;
if (buf_size - i + 47 >= dctx->remaining) {
if (buf_size >= dctx->remaining) {
pc->frame_start_found = 0;
pc->state64 = -1;
dctx->cur_byte = 0;