On 3/14/2022 11:04 AM, Michael Niedermayer wrote:
On Sun, Mar 13, 2022 at 04:03:42PM -0300, James Almer wrote:
On 3/12/2022 8:52 PM, Michael Niedermayer wrote:
Fixes: Out of array read
Fixes:
45137/clusterfuzz-testcase-minimized-ffmpeg_BSF_VP9_SUPERFRAME_SPLIT_fuzzer-4984270639202304
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
libavcodec/vp9_superframe_split_bsf.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libavcodec/vp9_superframe_split_bsf.c
b/libavcodec/vp9_superframe_split_bsf.c
index ed0444561a..6af555c078 100644
--- a/libavcodec/vp9_superframe_split_bsf.c
+++ b/libavcodec/vp9_superframe_split_bsf.c
@@ -51,6 +51,11 @@ static int vp9_superframe_split_filter(AVBSFContext *ctx,
AVPacket *out)
return ret;
in = s->buffer_pkt;
+ if (in->size == 0) {
!in->size
I favor checking "== 0" when its about the value 0 and !X when its about
something being not set / not allocated.
but i can change it if you prefer
thx
I suggested it for the sake of consistence. Most AVPacket.size checks
use !X to check for 0.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
