Re: [FFmpeg-devel] [PATCH 2/3] avcodec/exr: Check for duplicate channel index

[Michael Niedermayer]

On Tue, Dec 25, 2018 at 11:15:21PM +0100, Michael Niedermayer wrote:
> Fixes: Out of memory
> Fixes: 
> 11582/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5730204559867904
> 
> Found-by: continuous fuzzing process 
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer 
> ---
>  libavcodec/exr.c | 5 +
>  1 file changed, 5 insertions(+)

will apply

[...]
-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

When the tyrant has disposed of foreign enemies by conquest or treaty, and
there is nothing more to fear from them, then he is always stirring up
some war or other, in order that the people may require a leader. -- Plato


signature.asc
Description: PGP signature
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

[FFmpeg-devel] [PATCH 2/3] avcodec/exr: Check for duplicate channel index

[Michael Niedermayer]

Fixes: Out of memory
Fixes: 
11582/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5730204559867904

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
---
 libavcodec/exr.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/exr.c b/libavcodec/exr.c
index 5253cc3f13..13755e1e6e 100644
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@@ -1463,6 +1463,11 @@ static int decode_header(EXRContext *s, AVFrame *frame)
 }
 s->pixel_type = current_pixel_type;
 s->channel_offsets[channel_index] = 
s->current_channel_offset;
+} else if (channel_index >= 0) {
+av_log(s->avctx, AV_LOG_ERROR,
+"Multiple channels with index %d.\n", 
channel_index);
+ret = AVERROR_INVALIDDATA;
+goto fail;
 }
 
 s->channels = av_realloc(s->channels,
-- 
2.20.1

___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel