[FFmpeg-devel] [PATCH 2/2] avcodec/cbs_h2645: Avoid more cases of 0 size slices
Michael Niedermayer
michael at niedermayer.cc
Sun Mar 8 00:40:43 EET 2020
Fixes: Assertion failure
Fixes: 19629/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5676822528524288
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/cbs_h2645.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libavcodec/cbs_h2645.c b/libavcodec/cbs_h2645.c
index c8347ba5fa..7427eefa30 100644
--- a/libavcodec/cbs_h2645.c
+++ b/libavcodec/cbs_h2645.c
@@ -870,7 +870,8 @@ static int cbs_h264_read_nal_unit(CodedBitstreamContext *ctx,
"from slice data.\n", z);
len -= z;
}
-
+ if (len <= pos / 8)
+ return AVERROR_INVALIDDATA;
slice->data_size = len - pos / 8;
slice->data_ref = av_buffer_ref(unit->data_ref);
if (!slice->data_ref)
@@ -1052,7 +1053,8 @@ static int cbs_h265_read_nal_unit(CodedBitstreamContext *ctx,
"from slice data.\n", z);
len -= z;
}
-
+ if (len <= pos / 8)
+ return AVERROR_INVALIDDATA;
slice->data_size = len - pos / 8;
slice->data_ref = av_buffer_ref(unit->data_ref);
if (!slice->data_ref)
--
2.17.1
More information about the ffmpeg-devel
mailing list