Also reject input if it is too short.
Found by OSS-Fuzz.
Signed-off-by: Kacper Michajłow <kaspe...@gmail.com>
---
libavformat/data_uri.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavformat/data_uri.c b/libavformat/data_uri.c
index 3868a19630..f97ecbab37 100644
--- a/libavformat/data_uri.c
+++ b/libavformat/data_uri.c
@@ -73,11 +73,11 @@ static av_cold int data_open(URLContext *h, const char
*uri, int flags)
data++;
in_size = strlen(data);
if (base64) {
- size_t out_size = 3 * (in_size / 4) + 1;
+ size_t out_size = AV_BASE64_DECODE_SIZE(in_size);
if (out_size > INT_MAX || !(ddata = av_malloc(out_size)))
return AVERROR(ENOMEM);
- if ((ret = av_base64_decode(ddata, data, out_size)) < 0) {
+ if (!out_size || (ret = av_base64_decode(ddata, data, out_size)) < 0) {
av_free(ddata);
av_log(h, AV_LOG_ERROR, "Invalid base64 in URI\n");
return ret;
--
2.43.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
