[FFmpeg-devel] [PATCH 1/7] avformat/asfdec_o: shrink extradata to the initialized size

Andreas Rheinhardt andreas.rheinhardt at outlook.com
Fri Apr 23 21:00:16 EEST 2021


Michael Niedermayer:
> Fixes: OOM
> Fixes: 27240/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-5937469859823616
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
>  libavformat/asfdec_o.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/libavformat/asfdec_o.c b/libavformat/asfdec_o.c
> index 6cfcd8b088..d08a09c14d 100644
> --- a/libavformat/asfdec_o.c
> +++ b/libavformat/asfdec_o.c
> @@ -600,8 +600,12 @@ static int parse_video_info(AVIOContext *pb, AVStream *st)
>          memset(st->codecpar->extradata + st->codecpar->extradata_size , 0,
>                 AV_INPUT_BUFFER_PADDING_SIZE);
>          if ((ret = avio_read(pb, st->codecpar->extradata,
> -                             st->codecpar->extradata_size)) < 0)
> +                             st->codecpar->extradata_size)) < 0) {
> +            st->codecpar->extradata_size = 0;
> +            av_freep(&st->codecpar->extradata);
>              return ret;
> +        }
> +        st->codecpar->extradata_size = ret;
>      }
>      return 0;
>  }
> 
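Review bot: The padding is zeroed before the read and at the originally requested `st->codecpar->extradata_size`, so once the new `st->codecpar->extradata_size = ret;` shrinks the size on a short read, the AV_INPUT_BUFFER_PADDING_SIZE bytes starting at offset `ret` are never cleared and a decoder that relies on zeroed padding reads uninitialized memory. Move the `memset(st->codecpar->extradata + st->codecpar->extradata_size, 0, AV_INPUT_BUFFER_PADDING_SIZE);` to after the read (using the updated size), or, if keeping a partially read blob is not needed, drop the hand-rolled sequence in favour of `ff_get_extradata()`, which already takes care of allocation, padding and the short-read case. The new error path (size set to 0, then `av_freep`) is fine as written.
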
How important is it to preserve partially read extradata? If it is not
important, one could just use ff_get_extradata(); if it is important,
then memset should be performed after the read, so that the real padding
of the extradata is zeroed (it is uninitialized with your patch if the
desired size could not be read).

- Andreas
