On Sat, Nov 14, 2020 at 11:12:15AM +0100, Anton Khirnov wrote: > Quoting Michael Niedermayer (2020-11-10 00:04:54) > > Fixes: OOM > > Fixes: > > 26934/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5996784213819392 > > > > Found-by: continuous fuzzing process > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > > --- > > libavformat/wavdec.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libavformat/wavdec.c b/libavformat/wavdec.c > > index a81f2c7a67..6e5f4ccc12 100644 > > --- a/libavformat/wavdec.c > > +++ b/libavformat/wavdec.c > > @@ -920,7 +920,7 @@ static int w64_read_header(AVFormatContext *s) > > if (chunk_size == UINT32_MAX || (filesize >= 0 && > > chunk_size > filesize)) > > return AVERROR_INVALIDDATA; > > > > - value = av_mallocz(chunk_size + 1); > > + value = av_malloc(chunk_size + 1); > > This looks highly suspicious as a fix for anything other than > performance.
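Review bot: at the `av_malloc(chunk_size + 1)` line the buffer is no longer zeroed, so the code that fills `value` (outside this hunk) has to check how many bytes were actually read and, if the `+ 1` is there for a terminator, write it at that length before `value` is used. The guard just above only rejects `chunk_size == UINT32_MAX` or, when `filesize >= 0`, a chunk larger than the file, so with an unknown file size the request can still be almost 4 GiB; an explicit upper bound on `chunk_size`, or reading the chunk incrementally, would limit memory use without depending on how the allocator backs untouched pages. The commit message says only "Fixes: OOM"; a sentence on why switching from `av_mallocz` to `av_malloc` addresses it would answer the question raised in review.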
If I am not mistaken:
The allocation doesn't trigger OOM as no physical memory is allocated, but once it is written to "z" it does and then OOMs.
If OTOH it's written to while data is read from somewhere, then an EOF ends writing and no OOM would happen.

thx

[...]
--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Why not whip the teacher when the pupil misbehaves? -- Diogenes of Sinope
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".