[FFmpeg-devel] [PATCH] avformat/matroskadec: Sanity check codec_id/track type
Michael Niedermayer
michael at niedermayer.cc
Mon Dec 7 02:06:14 EET 2020
Fixes: memleak
Fixes: 27766/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-5198300814508032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavformat/matroskadec.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 44db2c8358..18fc2750a1 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -2318,6 +2318,18 @@ static int matroska_parse_tracks(AVFormatContext *s)
if (!track->codec_id)
continue;
+ if (track->type == MATROSKA_TRACK_TYPE_AUDIO && track->codec_id[0] == 'A') {
+ ;
+ } else if (track->type == MATROSKA_TRACK_TYPE_VIDEO && track->codec_id[0] == 'V') {
+ ;
+ } else if ((track->type == MATROSKA_TRACK_TYPE_SUBTITLE || track->type == MATROSKA_TRACK_TYPE_METADATA) &&
+ (track->codec_id[0] == 'S' || track->codec_id[0] == 'D')) {
+ ;
+ } else {
+ av_log(matroska->ctx, AV_LOG_INFO, "Inconsistent track type\n");
+ continue;
+ }
+
if (track->audio.samplerate < 0 || track->audio.samplerate > INT_MAX ||
isnan(track->audio.samplerate)) {
av_log(matroska->ctx, AV_LOG_WARNING,
--
2.17.1
More information about the ffmpeg-devel
mailing list