[FFmpeg-cvslog] avformat/mxfdec: Check llen addition for overflow
Michael Niedermayer
git at videolan.org
Tue Dec 31 06:00:17 EET 2024
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Wed Dec 25 04:54:32 2024 +0100| [53db3516542c68f5ec92c5cdf8c13d76700ca9d5] | committer: Michael Niedermayer
avformat/mxfdec: Check llen addition for overflow
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long'
Fixes: 377971441/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4966030696316928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=53db3516542c68f5ec92c5cdf8c13d76700ca9d5
---
libavformat/mxfdec.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 9ecaa287bb..0d97b3aade 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -496,6 +496,9 @@ static int klv_read_packet(MXFContext *mxf, KLVPacket *klv, AVIOContext *pb)
if (length < 0)
return length;
klv->length = length;
+ if (klv->offset > INT64_MAX - 16 - llen)
+ return AVERROR_INVALIDDATA;
+
pos = klv->offset + 16 + llen;
if (pos > INT64_MAX - length)
return AVERROR_INVALIDDATA;
More information about the ffmpeg-cvslog
mailing list