]> git.sesse.net Git - ffmpeg/commitdiff
projects / ffmpeg / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 497ea04)
avformat/imx: Check palette chunk size
authorMichael Niedermayer <michael@niedermayer.cc>
Tue, 30 Mar 2021 10:47:22 +0000 (12:47 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Thu, 1 Apr 2021 08:10:21 +0000 (10:10 +0200)
Fixes: out of array write
Fixes: 32116/clusterfuzz-testcase-minimized-ffmpeg_dem_SIMBIOSIS_IMX_fuzzer-6702533894602752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavformat/imx.c patch | blob | history

diff --git a/libavformat/imx.c b/libavformat/imx.c
index d203ed7a2800c4b901dbda8bdc7740596be46a76..22fca0bdc0e0dab881665d1c1a19959a7994b6b9 100644 (file)
--- a/libavformat/imx.c
+++ b/libavformat/imx.c
@@ -113,6 +113,8 @@ retry:
             imx->first_video_packet_pos = pos;
         break;
     case 0xAA98:
+        if (chunk_size > 256 * 3)
+            return AVERROR_INVALIDDATA;
         for (int i = 0; i < chunk_size / 3; i++) {
             unsigned r = avio_r8(pb) << 18;
             unsigned g = avio_r8(pb) << 10;
Unnamed repository; edit this file 'description' to name the repository.