[FFmpeg-devel] [PATCH 6/6] avformat/concatdec: use av_strstart()
Andreas Rheinhardt
andreas.rheinhardt at gmail.com
Mon Nov 2 03:50:15 EET 2020
Michael Niedermayer:
> Fixes: out array read
> Fixes: 26610/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-5631838049271808
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavformat/concatdec.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/libavformat/concatdec.c b/libavformat/concatdec.c
> index 4b56b61404..6d5b9914f9 100644
> --- a/libavformat/concatdec.c
> +++ b/libavformat/concatdec.c
> @@ -113,7 +113,8 @@ static int add_file(AVFormatContext *avf, char *filename, ConcatFile **rfile,
> ConcatFile *file;
> char *url = NULL;
> const char *proto;
> - size_t url_len, proto_len;
> + const char *ptr;
> + size_t url_len;
> int ret;
>
> if (cat->safe > 0 && !safe_filename(filename)) {
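Review bot: the new `const char *ptr;` in add_file() is declared uninitialized at function scope, and av_strstart() only stores to it when the prefix matches. It has a single use in the protocol check, so consider a name that says what it points at (for example `proto_end`) and either initializing it to NULL or declaring it next to that check, so a later edit cannot dereference it on the non-matching path.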
> @@ -122,9 +123,8 @@ static int add_file(AVFormatContext *avf, char *filename, ConcatFile **rfile,
> }
>
> proto = avio_find_protocol_name(filename);
> - proto_len = proto ? strlen(proto) : 0;
> - if (proto && !memcmp(filename, proto, proto_len) &&
> - (filename[proto_len] == ':' || filename[proto_len] == ',')) {
> + if (proto && av_strstart(filename, proto, &ptr) &&
> + (*ptr == ':' || *ptr == ',')) {
> url = filename;
> filename = NULL;
> } else {
>
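Review bot: in the new condition, `*ptr` is only valid because `av_strstart(filename, proto, &ptr)` sits to its left in the `&&` chain. A one-line comment on that ordering would guard against someone reordering the tests. The commit message could also state the cause visible in the removed lines: `memcmp(filename, proto, proto_len)` compared `strlen(proto)` bytes with no check that `filename` is that long, and `filename[proto_len]` then indexed at the same offset. With av_strstart() the comparison stops at the first mismatch, and `*ptr` is at worst the terminating NUL of `filename`.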
LGTM.
- Andreas