wrapper/FFmpeg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

avcodec/parser: Check next index validity in ff_combine_frame()

Browse source 
Fixes: out of array access
Fixes: 15522/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DNXHD_fuzzer-5747756078989312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15008db0fa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2019-07-06 09:21:52 +02:00
parent c2507e1946
commit 5bcced7bea
1 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
libavcodec/parser.c
View file

@ -262,6 +262,9 @@ int ff_combine_frame(ParseContext *pc, int next,
for (; pc->overread > 0; pc->overread--)
pc->buffer[pc->index++] = pc->buffer[pc->overread_index++];
if (next > *buf_size)
return AVERROR(EINVAL);
/* flush remaining if EOF */
if (!*buf_size && next == END_NOT_FOUND)
next = 0;