Michael Niedermayer:
> Fixes: OOM
> Fixes: 27240/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-5937469859823616
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> ---
>  libavformat/asfdec_o.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/libavformat/asfdec_o.c b/libavformat/asfdec_o.c
> index 6cfcd8b088..d08a09c14d 100644
> --- a/libavformat/asfdec_o.c
> +++ b/libavformat/asfdec_o.c
> @@ -600,8 +600,12 @@ static int parse_video_info(AVIOContext *pb, AVStream 
> *st)
>          memset(st->codecpar->extradata + st->codecpar->extradata_size , 0,
>                 AV_INPUT_BUFFER_PADDING_SIZE);
>          if ((ret = avio_read(pb, st->codecpar->extradata,
> -                             st->codecpar->extradata_size)) < 0)
> +                             st->codecpar->extradata_size)) < 0) {
> +            st->codecpar->extradata_size = 0;
> +            av_freep(&st->codecpar->extradata);
>              return ret;
> +        }
> +        st->codecpar->extradata_size = ret;
>      }
>      return 0;
>  }
> 
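Review bot: the short-read case is handled inconsistently in this hunk. When avio_read() returns fewer bytes than requested (ret >= 0 but below the old extradata_size), the new `st->codecpar->extradata_size = ret;` shrinks the recorded size, yet the memset of AV_INPUT_BUFFER_PADDING_SIZE zero bytes in the unchanged context above it ran at the original extradata_size, before the read; the bytes between ret and the old size are therefore uninitialized heap and are now exactly where the padding for the new size is expected. Either move the memset after the read so it zeroes from the size actually read, e.g. `memset(st->codecpar->extradata + ret, 0, AV_INPUT_BUFFER_PADDING_SIZE);`, or, if a partially read buffer does not need to be kept, replace the allocate-and-read sequence with ff_get_extradata(), which handles allocation, read and padding together. The error path (free and reset to 0) is fine as written.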
How important is it to preserve partially read extradata? If it is not
important, one could just use ff_get_extradata(); if it is important,
then memset should be performed after the read, so that the real padding
of the extradata is zeroed (it is uninitialized with your patch if the
desired size could not be read).

- Andreas
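The read-then-zero ordering Andreas describes, as an added C example that is not FFmpeg's own code: a stand-in for the avio_read() path using a constructed in-memory stream, where the padding is zeroed after the read at the size actually obtained. The PADDING constant, the sample stream and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define PADDING 64 /* stand-in for AV_INPUT_BUFFER_PADDING_SIZE (assumed) */

/* Read up to `want` bytes of extradata from a constructed in-memory stream
 * (standing in for avio_read()), zeroing the padding only after the read so
 * that a short read still leaves PADDING zero bytes behind the recorded size.
 * Returns the recorded size (>= 0), or -1 with *out = NULL on failure. */
static int read_extradata(const uint8_t *src, size_t avail, int want,
                          uint8_t **out, int *out_size)
{
    uint8_t *buf;
    int got;
    *out = NULL;
    *out_size = 0;
    if (want <= 0 || !(buf = malloc((size_t)want + PADDING)))
        return -1;
    /* A truncated file delivers fewer bytes than asked for. */
    got = avail < (size_t)want ? (int)avail : want;
    memcpy(buf, src, (size_t)got);
    /* Padding follows `got`, not `want`: zeroing at `want` before the read
     * would leave bytes [got, want) uninitialized right behind the data. */
    memset(buf + got, 0, PADDING);
    *out = buf;
    *out_size = got;
    return got;
}

/* 1 if the PADDING bytes behind `size` are all zero, else 0. */
static int padding_is_zero(const uint8_t *buf, int size)
{
    for (int i = 0; i < PADDING; i++)
        if (buf[size + i])
            return 0;
    return 1;
}

/* Constructed case: a 10-byte stream, 16 bytes requested. Returns the
 * recorded size when the padding check holds, -1 otherwise. */
static int demo_short_read(void)
{
    static const uint8_t stream[10] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };
    uint8_t *ed; int size, ok;
    if (read_extradata(stream, sizeof stream, 16, &ed, &size) != 10)
        return -1;
    ok = size == 10 && ed[9] == 10 && padding_is_zero(ed, size);
    free(ed);
    return ok ? size : -1;
}
```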
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel