]> git.sesse.net Git - ffmpeg/commitdiff
projects / ffmpeg / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 66ca6d0)
avformat/aiffdec: Check packet size
authorMichael Niedermayer <michael@niedermayer.cc>
Mon, 26 Oct 2020 19:55:31 +0000 (20:55 +0100)
committerMichael Niedermayer <michael@niedermayer.cc>
Wed, 4 Nov 2020 22:30:53 +0000 (23:30 +0100)
Fixes: Fixes infinite loop
Fixes: 26575/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-5727522236661760
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavformat/aiffdec.c patch | blob | history

diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c
index c650e9074d572a52a0dc6594fb08c1ae00216256..15733478e1426ceb62a725d2899a59143772e188 100644 (file)
--- a/libavformat/aiffdec.c
+++ b/libavformat/aiffdec.c
@@ -406,6 +406,8 @@ static int aiff_read_packet(AVFormatContext *s,
         break;
     default:
         size = st->codecpar->block_align ? (MAX_SIZE / st->codecpar->block_align) * st->codecpar->block_align : MAX_SIZE;
+        if (!size)
+            return AVERROR_INVALIDDATA;
     }
     size = FFMIN(max_size, size);
     res = av_get_packet(s->pb, pkt, size);
Unnamed repository; edit this file 'description' to name the repository.