On Fri, Apr 26, 2024 at 08:57:02PM -0300, James Almer wrote:
> On 4/26/2024 8:52 PM, Michael Niedermayer wrote:
> > Fixes: memleak
> > Fixes: 
> > 68212/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4963488540721152
> > 
> > Found-by: continuous fuzzing process 
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> > ---
> >   libavformat/mov.c | 3 +++
> >   1 file changed, 3 insertions(+)
> > 
> > diff --git a/libavformat/mov.c b/libavformat/mov.c
> > index 97a24e6737e..5b8278f736e 100644
> > --- a/libavformat/mov.c
> > +++ b/libavformat/mov.c
> > @@ -8136,6 +8136,9 @@ static int mov_read_infe(MOVContext *c, AVIOContext 
> > *pb, MOVAtom atom, int idx)
> >       avio_rb24(pb);  // flags.
> >       size -= 4;
> > +    if (c->heif_item[idx].name)
> > +        return AVERROR_INVALIDDATA;
> 
> I prefer to free the old one before the av_bprint_finalize() call instead of
> aborting.

does the format allow this to be changing ?

because security wise, allowing an attacker to change things is worse
than allowing her to just set it once.

and heif seems to have a rather high density of issues already, judging
from how many of the recent mov issues where in heif code

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Dictatorship naturally arises out of democracy, and the most aggravated
form of tyranny and slavery out of the most extreme liberty. -- Plato

Attachment: signature.asc
Description: PGP signature

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Reply via email to