Fixes: integer overflow Fixes: 67275/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-5438920751906816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavformat/iamf_reader.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/iamf_reader.c b/libavformat/iamf_reader.c index 270cfac389..f3ff4170c6 100644 --- a/libavformat/iamf_reader.c +++ b/libavformat/iamf_reader.c @@ -283,9 +283,9 @@ int ff_iamf_read_packet(AVFormatContext *s, IAMFDemuxContext *c, len = ff_iamf_parse_obu_header(header, size, &obu_size, &start_pos, &type, &skip_samples, &discard_padding); - if (len < 0 || obu_size > max_size) { + if (len < 0 || obu_size > max_size || len > INT_MAX - read) { av_log(s, AV_LOG_ERROR, "Failed to read obu\n"); - return len; + return len < 0 ? len : AVERROR_INVALIDDATA; } avio_seek(pb, -(size - start_pos), SEEK_CUR); -- 2.17.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
