ffmpeg | branch: master | Marton Balint <[email protected]> | Wed Dec 28 03:20:11 2022 +0100| [af606c232a9ecd30c69e7754547eb0dd232bc29d] | committer: Marton Balint
avformat/mxfdec: check number of index table entires more strictly Let's ignore the index table if the number of index entries does not match the index duration (or the special AVID index entry counts). Fixes: OOM Fixes: 50551/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6607795234930688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Marton Balint <[email protected]> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=af606c232a9ecd30c69e7754547eb0dd232bc29d --- libavformat/mxfdec.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index efd0b9521c..4530617207 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -1937,6 +1937,14 @@ static int mxf_compute_ptses_fake_index(MXFContext *mxf, MXFIndexTable *index_ta return 0; } + if (s->nb_index_entries != s->index_duration && + s->nb_index_entries != s->index_duration + 1 && /* Avid index */ + s->nb_index_entries != s->index_duration * 2 + 1) { + index_table->nb_ptses = 0; + av_log(mxf->fc, AV_LOG_ERROR, "ignoring IndexSID %d, duration does not match nb_index_entries\n", s->index_sid); + return 0; + } + index_table->nb_ptses += s->index_duration; } _______________________________________________ ffmpeg-cvslog mailing list [email protected] https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email [email protected] with subject "unsubscribe".
