[FFmpeg-devel] [PATCH 4/5] avformat/lvfdec: Check stream_index before use

Paul B Mahol onemda at gmail.com
Sun Nov 8 22:21:45 EET 2020


LGTM

On Sun, Nov 8, 2020 at 12:18 AM Michael Niedermayer <michael at niedermayer.cc>
wrote:

> Fixes: assertion failure
> Fixes:
> 26905/clusterfuzz-testcase-minimized-ffmpeg_dem_LVF_fuzzer-5724267599364096.fuzz
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by
> <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>:
> Michael Niedermayer <michael at niedermayer.cc>
> ---
>  libavformat/lvfdec.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/libavformat/lvfdec.c b/libavformat/lvfdec.c
> index 8b8d6f01b9..4c87728def 100644
> --- a/libavformat/lvfdec.c
> +++ b/libavformat/lvfdec.c
> @@ -106,6 +106,7 @@ static int lvf_read_packet(AVFormatContext *s,
> AVPacket *pkt)
>      unsigned size, flags, timestamp, id;
>      int64_t pos;
>      int ret, is_video = 0;
> +    int stream_index;
>
>      pos = avio_tell(s->pb);
>      while (!avio_feof(s->pb)) {
> @@ -121,12 +122,15 @@ static int lvf_read_packet(AVFormatContext *s,
> AVPacket *pkt)
>          case MKTAG('0', '1', 'w', 'b'):
>              if (size < 8)
>                  return AVERROR_INVALIDDATA;
> +            stream_index = is_video ? 0 : 1;
> +            if (stream_index >= s->nb_streams)
> +                return AVERROR_INVALIDDATA;
>              timestamp = avio_rl32(s->pb);
>              flags = avio_rl32(s->pb);
>              ret = av_get_packet(s->pb, pkt, size - 8);
>              if (flags & (1 << 12))
>                  pkt->flags |= AV_PKT_FLAG_KEY;
> -            pkt->stream_index = is_video ? 0 : 1;
> +            pkt->stream_index = stream_index;
>              pkt->pts          = timestamp;
>              pkt->pos          = pos;
>              return ret;
> --
> 2.17.1
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".


More information about the ffmpeg-devel mailing list