[FFmpeg-devel] [PATCH] avformat/icodec: Fix crash probing fuzzed file

Mark Harris Mon, 15 Feb 2016 10:00:06 -0800

Avoid invalid memory read/crash when ico offset >= 0xfffffff8.
Base64-encoded example: AAABADAwMDAwMAAAMAAwMDAw/P///w==
---
 libavformat/icodec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


diff --git a/libavformat/icodec.c b/libavformat/icodec.c
index 6ddb901..8f84337 100644
--- a/libavformat/icodec.c
+++ b/libavformat/icodec.c
@@ -60,7 +60,7 @@ static int probe(AVProbeData *p)
         offset = AV_RL32(p->buf + 18 + i * 16);
         if (offset < 22)
             return FFMIN(i, AVPROBE_SCORE_MAX / 4);
-        if (offset + 8 > p->buf_size)
+        if (offset > p->buf_size - 8)
             return AVPROBE_SCORE_MAX / 4 + FFMIN(i, 1);
         if (p->buf[offset] != 40 && AV_RB64(p->buf + offset) != PNGSIG)
             return FFMIN(i, AVPROBE_SCORE_MAX / 4);
-- 
2.7.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

[FFmpeg-devel] [PATCH] avformat/icodec: Fix crash probing fuzzed file

Reply via email to