[FFmpeg-devel] [PATCH] avformat/data_uri: Fix base64 decode buffer size calculation

[Kacper Michajłow]

Also reject input if it is too short.

Found by OSS-Fuzz.

Signed-off-by: Kacper Michajłow <kasper93 at gmail.com>
---
 libavformat/data_uri.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavformat/data_uri.c b/libavformat/data_uri.c
index 3868a19630..f97ecbab37 100644
--- a/libavformat/data_uri.c
+++ b/libavformat/data_uri.c
@@ -73,11 +73,11 @@ static av_cold int data_open(URLContext *h, const char *uri, int flags)
     data++;
     in_size = strlen(data);
     if (base64) {
-        size_t out_size = 3 * (in_size / 4) + 1;
+        size_t out_size = AV_BASE64_DECODE_SIZE(in_size);
 
         if (out_size > INT_MAX || !(ddata = av_malloc(out_size)))
             return AVERROR(ENOMEM);
-        if ((ret = av_base64_decode(ddata, data, out_size)) < 0) {
+        if (!out_size || (ret = av_base64_decode(ddata, data, out_size)) < 0) {
             av_free(ddata);
             av_log(h, AV_LOG_ERROR, "Invalid base64 in URI\n");
             return ret;
-- 
2.43.0