On 8/30/2019 8:25 PM, Michael Niedermayer wrote: > Fixes: Timeout (195sec -> 2ms) > Fixes: > 16735/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5090676403863552 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > --- > libavformat/mov.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/libavformat/mov.c b/libavformat/mov.c > index 675b915906..46c544b61f 100644 > --- a/libavformat/mov.c > +++ b/libavformat/mov.c > @@ -4419,7 +4419,10 @@ static int mov_read_custom(MOVContext *c, AVIOContext > *pb, MOVAtom atom) > static int mov_read_meta(MOVContext *c, AVIOContext *pb, MOVAtom atom) > { > while (atom.size > 8) { > - uint32_t tag = avio_rl32(pb); > + uint32_t tag; > + if (avio_feof(pb)) > + return AVERROR_EOF; > + tag = avio_rl32(pb); > atom.size -= 4; > if (tag == MKTAG('h','d','l','r')) { > avio_seek(pb, -8, SEEK_CUR);
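Review bot: the added `if (avio_feof(pb)) return AVERROR_EOF;` at the top of the loop in mov_read_meta turns running out of input into a hard error for the caller, where before the loop simply ran until `atom.size > 8` became false. If the aim is only to stop scanning once the input is exhausted, a `break` here, or an EOF test in the loop condition, would bound the loop without changing the return value on truncated files. It is worth stating in the commit message which of the two behaviours is intended. A short comment would also help the next reader: `atom.size` drops by only 4 per iteration and is the sole bound on the loop, so without an EOF test an oversized atom size keeps the loop spinning long after the data has ended.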
Maybe do something like "while (atom.size > 8 && !avio_feof(pb))" instead, which is similar to the loop in mov_read_default.