c->filesize = FFMIN(c->pos, c->filesize);
return AVERROR_EOF;
}
+ if (c->pos > INT64_MAX - size)
+ return AVERROR(EIO);
memcpy(buf, c->fuzz, size);
c->fuzz += size;
// Ensure we don't loop forever
const uint32_t maxiteration = 8096;
+const int maxblocks= 50000;
static const uint64_t FUZZ_TAG = 0x4741542D5A5A5546ULL;
int seekable = 0;
int ret;
AVInputFormat *fmt = NULL;
-
- if (!c) {
#ifdef FFMPEG_DEMUXER
#define DEMUXER_SYMBOL0(DEMUXER) ff_##DEMUXER##_demuxer
#define DEMUXER_SYMBOL(DEMUXER) DEMUXER_SYMBOL0(DEMUXER)
- extern AVInputFormat DEMUXER_SYMBOL(FFMPEG_DEMUXER);
- fmt = &DEMUXER_SYMBOL(FFMPEG_DEMUXER);
+ extern AVInputFormat DEMUXER_SYMBOL(FFMPEG_DEMUXER);
+ fmt = &DEMUXER_SYMBOL(FFMPEG_DEMUXER);
#endif
- av_register_all();
- avcodec_register_all();
+
+ if (!c) {
av_log_set_level(AV_LOG_PANIC);
c=1;
}
filesize = bytestream2_get_le64(&gbc) & 0x7FFFFFFFFFFFFFFF;
if ((flags & 2) && strlen(filename) < sizeof(filename) / 2) {
- AVInputFormat *avif = NULL;
+ const AVInputFormat *avif = NULL;
+ void *avif_iter = NULL;
int avif_count = 0;
- while ((avif = av_iformat_next(avif))) {
+ while ((avif = av_demuxer_iterate(&avif_iter))) {
if (avif->extensions)
avif_count ++;
}
avif_count = bytestream2_get_le32(&gbc) % avif_count;
- while ((avif = av_iformat_next(avif))) {
+ avif_iter = NULL;
+ while ((avif = av_demuxer_iterate(&avif_iter))) {
if (avif->extensions)
if (!avif_count--)
break;
av_strlcatf(filename, sizeof(filename), ".%s", extension);
}
}
+
+ if (!io_buffer_size || size / io_buffer_size > maxblocks)
+ io_buffer_size = size;
+
io_buffer = av_malloc(io_buffer_size);
if (!io_buffer)
error("Failed to allocate io_buffer");
break;
av_packet_unref(&pkt);
}
-end:
+
av_freep(&fuzzed_pb->buffer);
- av_freep(&fuzzed_pb);
+ avio_context_free(&fuzzed_pb);
avformat_close_input(&avfmt);
return 0;
projects / ffmpeg / blobdiff