ffmpeg | branch: master | Michael Niedermayer <[email protected]> | Fri Dec 11 00:49:23 2020 +0100| [001bc594d82f3df67a6e96c6ea022f4e39002385] | committer: Michael Niedermayer
avformat/iff: Check data_size Fixes: infinite loop Fixes: 27834/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5694930919620608 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=001bc594d82f3df67a6e96c6ea022f4e39002385 --- libavformat/iff.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/iff.c b/libavformat/iff.c index f017684620..2dba121f6f 100644 --- a/libavformat/iff.c +++ b/libavformat/iff.c @@ -368,7 +368,7 @@ static int read_dst_frame(AVFormatContext *s, AVPacket *pkt) data_size = iff->is_64bit ? avio_rb64(pb) : avio_rb32(pb); data_pos = avio_tell(pb); - if (data_size < 1) + if (data_size < 1 || data_size >= INT64_MAX) return AVERROR_INVALIDDATA; switch (chunk_id) { _______________________________________________ ffmpeg-cvslog mailing list [email protected] https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email [email protected] with subject "unsubscribe".
