Fixes infinite loop with unknown encodings

We could alternatively error out from decode_str() or consume all of taglen; this would affect other callers though.

Fixes: 409819224/clusterfuzz-testcase-minimized-ffmpeg_dem_H261_fuzzer-6003527535362048 Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavformat/id3v2.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c index 90314583a74..e3f7f9e2a90 100644 --- a/libavformat/id3v2.c +++ b/libavformat/id3v2.c @@ -341,10 +341,13 @@ static void read_ttag(AVFormatContext *s, AVIOContext *pb, int taglen, taglen--; /* account for encoding type byte */ while (taglen > 1) { + int current_taglen = taglen; if (decode_str(s, pb, encoding, &dst, &taglen) < 0) { av_log(s, AV_LOG_ERROR, "Error reading frame %s, skipped\n", key); return; } + if (current_taglen == taglen) + return; count++; -- 2.49.0 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
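
Review bot: The new `if (current_taglen == taglen) return;` exit after decode_str() leaves read_ttag() silently, while the failure branch just above it logs "Error reading frame %s, skipped"; a no-progress return deserves its own av_log() naming key, so that a tag dropped because of an unknown encoding shows up in the log. Since decode_str() is handed &dst and has just returned success on this path, please also confirm that dst holds no allocation when this return is taken, otherwise it needs to be freed here. A one-line comment on the check saying that it guards against decode_str() consuming nothing would keep a later reader from removing it as redundant.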