[FFmpeg-devel] [PATCH 5/7] avformat/mxfdec: Check for duplicate mxf_read_index_entry_array()

Tomas Härdin tjoppen at acc.umu.se
Wed Dec 8 01:41:43 EET 2021


Sun 2021-12-05 at 22:19 +0100, Michael Niedermayer wrote:
> Fixes: memleak
> Fixes: 41596/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6439060204290048
> 
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
>  libavformat/mxfdec.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> index c231c944c01..1d501982793 100644
> --- a/libavformat/mxfdec.c
> +++ b/libavformat/mxfdec.c
> @@ -1111,6 +1111,9 @@ static int
> mxf_read_index_entry_array(AVIOContext *pb, MXFIndexTableSegment *seg
>  {
>      int i, length;
>  
> +    if (segment->temporal_offset_entries)
> +        return AVERROR_INVALIDDATA;
> +
>      segment->nb_index_entries = avio_rb32(pb);
>  
>      length = avio_rb32(pb);
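
Review bot: the added `if (segment->temporal_offset_entries)` guard at the top of mxf_read_index_entry_array() is undocumented: nothing says that a non-NULL temporal_offset_entries is being used as the marker for "an IndexEntryArray was already read for this segment", and the commit message says only "memleak" without naming what leaks on the second call. Please add a short comment above the check stating that a repeated array in the same segment is rejected on purpose, and extend the commit message with the allocation that was leaked. The guard also turns a repeated array into a hard AVERROR_INVALIDDATA for the segment rather than skipping the second array, so the comment should say that this is the intended behaviour.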

Should be OK. Not sure if the spec allows multiple IndexEntryArrays per
index table, but this at least shouldn't break anything since it
wouldn't have been working correctly before either way.

/Tomas


