[FFmpeg-cvslog] avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value()

Michael Niedermayer git at videolan.org
Sat Apr 23 18:45:14 EEST 2022


ffmpeg | branch: release/2.8 | Michael Niedermayer <michael at niedermayer.cc> | Fri Feb  4 00:44:32 2022 +0100| [de0402767928fe0acbbc7a87b945853f46d7f45e] | committer: Michael Niedermayer

avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value()

Fixes: pointer index expression with base 0x000000000000 overflowed to 0xffffffffffffffff
Fixes: 44012/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5670607746891776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 59328aabd2c789ae053e18a62a20a7addfd4d069)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=de0402767928fe0acbbc7a87b945853f46d7f45e
---

 libavformat/utils.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/utils.c b/libavformat/utils.c
index a737f2a4b0..27fded3ca9 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -4152,7 +4152,7 @@ void ff_parse_key_value(const char *str, ff_parse_key_val_cb callback_get_buf,
         key_len = ptr - key;
 
         callback_get_buf(context, key, key_len, &dest, &dest_len);
-        dest_end = dest + dest_len - 1;
+        dest_end = dest ? dest + dest_len - 1 : NULL;
 
         if (*ptr == '\"') {
             ptr++;



More information about the ffmpeg-cvslog mailing list