On Thu, Feb 04, 2021 at 12:02:07PM +0100, Anton Khirnov wrote: > Quoting Michael Niedermayer (2021-01-30 20:28:26) > > Fixes: out of array access > > Fixes: > > 29345/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5401813482340352 > > > > Found-by: continuous fuzzing process > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > > --- > > libavcodec/hapdec.c | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/libavcodec/hapdec.c b/libavcodec/hapdec.c > > index ab364aa790..260fda2968 100644 > > --- a/libavcodec/hapdec.c > > +++ b/libavcodec/hapdec.c > > @@ -86,6 +86,8 @@ static int hap_parse_decode_instructions(HapContext *ctx, > > int size) > > return ret; > > for (i = 0; i < section_size / 4; i++) { > > ctx->chunks[i].compressed_offset = > > bytestream2_get_le32(gbc); > > + if (ctx->chunks[i].compressed_offset < 0) > > Would it not be better to change compressed_offset to uint32 or size_t?
its more work to change the type of a variable as there is more to check. But i agree that a unsigend 32bit should be better (in theory) to hold these 32bit Will post a new patch thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB If the United States is serious about tackling the national security threats related to an insecure 5G network, it needs to rethink the extent to which it values corporate profits and government espionage over security.-Bruce Schneier
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
