On Sat, 11 May 2024 at 03:45, Michael Niedermayer
<mich...@niedermayer.cc> wrote:
>
> On Thu, May 09, 2024 at 04:02:09PM +0200, Kacper Michajłow wrote:
> > Also reject input if it is too short.
> >
> > Found by OSS-Fuzz.
> >
> > Signed-off-by: Kacper Michajłow <kaspe...@gmail.com>
> > ---
> > libavformat/data_uri.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/libavformat/data_uri.c b/libavformat/data_uri.c
> > index 3868a19630..f97ecbab37 100644
> > --- a/libavformat/data_uri.c
> > +++ b/libavformat/data_uri.c
> > @@ -73,11 +73,11 @@ static av_cold int data_open(URLContext *h, const char
> > *uri, int flags)
> > data++;
> > in_size = strlen(data);
> > if (base64) {
> > - size_t out_size = 3 * (in_size / 4) + 1;
> > + size_t out_size = AV_BASE64_DECODE_SIZE(in_size);
>
> i suspect this is correct
>
>
> >
> > if (out_size > INT_MAX || !(ddata = av_malloc(out_size)))
> > return AVERROR(ENOMEM);
>
> > - if ((ret = av_base64_decode(ddata, data, out_size)) < 0) {
> > + if (!out_size || (ret = av_base64_decode(ddata, data, out_size)) <
> > 0) {
> > av_free(ddata);
> > av_log(h, AV_LOG_ERROR, "Invalid base64 in URI\n");
> > return ret;
>
> why would this need a out_size == 0 check ?
>
> also it seems av_base64_decode() itself is buggy, ive sent 2 patches
> fixing av_base64_decode() and extening the self tests
Thank you for the fix. I can confirm it works. I've still sent an
AV_BASE64_DECODE_SIZE change, just for the correctness of it.
- Kacper
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
