ffmpeg | branch: master | Michael Niedermayer <mich...@niedermayer.cc> | Sun Sep 18 14:47:25 2022 +0200| [2c146406eac06f3d3cd3d981c29e7affd834cb4d] | committer: Michael Niedermayer
avformat/nutdec: Check fields Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6566001610719232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2c146406eac06f3d3cd3d981c29e7affd834cb4d --- libavformat/nutdec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c index 8cc56615ad..24dedc4758 100644 --- a/libavformat/nutdec.c +++ b/libavformat/nutdec.c @@ -245,6 +245,11 @@ static int decode_main_header(NUTContext *nut) for (i = 0; i < 256;) { int tmp_flags = ffio_read_varlen(bc); int tmp_fields = ffio_read_varlen(bc); + if (tmp_fields < 0) { + av_log(s, AV_LOG_ERROR, "fields %d is invalid\n", tmp_fields); + ret = AVERROR_INVALIDDATA; + goto fail; + } if (tmp_fields > 0) tmp_pts = get_s(bc); _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
