Michael Niedermayer: > Fixes: OOM > Fixes: > 26608/clusterfuzz-testcase-minimized-ffmpeg_dem_APNG_fuzzer-4839491644424192 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > --- > libavformat/apngdec.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/libavformat/apngdec.c b/libavformat/apngdec.c > index 0f1d04a365..2e79fdd85c 100644 > --- a/libavformat/apngdec.c > +++ b/libavformat/apngdec.c > @@ -140,6 +140,8 @@ static int append_extradata(AVCodecParameters *par, > AVIOContext *pb, int len) > > if ((ret = avio_read(pb, par->extradata + previous_size, len)) < 0) > return ret; > + if (ret < len) > + return AVERROR_INVALIDDATA; > > return previous_size; > } > Reminds me of https://ffmpeg.org/pipermail/ffmpeg-devel/2020-January/255671.html. But how can this fix an OOM scenario? If avio_read() couldn't read everything it should read, then we are at the end of the file and the avio_feof() check will make sure that this is the last iteration of the loop. Or is this a file that is being written to while it is read? (In which case an earlier reading attempt might have failed, but a new one might succeed because there is new data.)
- Andreas
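Review bot: The commit message says "Fixes: OOM", but the added `if (ret < len)` check after avio_read() in append_extradata() only rejects a short read, and the message does not say how a short read leads to excessive allocation. Please add a sentence describing that path, since the reply asks exactly this question. On the new error path avio_read() has already written ret bytes at par->extradata + previous_size, so also confirm that the caller frees or ignores the partially filled extradata when it receives AVERROR_INVALIDDATA.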