ffmpeg | branch: master | Michael Niedermayer <mich...@niedermayer.cc> | Wed Nov 18 01:29:23 2020 +0100| [aea8d4061d3e662b506df8067b7584dbab0a1851] | committer: Michael Niedermayer
avformat/swfdec: Allocate output buffer after reading input Fixes: Timeout (>10sec -> 0.26sec) Fixes: 27419/clusterfuzz-testcase-minimized-ffmpeg_dem_SWF_fuzzer-5678307361947648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=aea8d4061d3e662b506df8067b7584dbab0a1851 --- libavformat/swfdec.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/libavformat/swfdec.c b/libavformat/swfdec.c index fa11c050cd..1463f0ad4d 100644 --- a/libavformat/swfdec.c +++ b/libavformat/swfdec.c @@ -368,14 +368,21 @@ static int swf_read_packet(AVFormatContext *s, AVPacket *pkt) ch_id, bmp_fmt, width, height, linesize, len, out_len, colormapsize); zbuf = av_malloc(len); - buf = av_malloc(out_len); - if (!zbuf || !buf) { + if (!zbuf) { res = AVERROR(ENOMEM); goto bitmap_end; } len = avio_read(pb, zbuf, len); - if (len < 0 || (res = uncompress(buf, &out_len, zbuf, len)) != Z_OK) { + if (len < 0) + goto bitmap_end_skip; + + buf = av_malloc(out_len); + if (!buf) { + res = AVERROR(ENOMEM); + goto bitmap_end; + } + if ((res = uncompress(buf, &out_len, zbuf, len)) != Z_OK) { av_log(s, AV_LOG_WARNING, "Failed to uncompress one bitmap\n"); goto bitmap_end_skip; } _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".