diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2021-06-24 19:53:47 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2021-10-12 16:46:06 +0200 |
| commit | c0b6f4b38da9523621eb1f3956fa2b0a0f64331d (patch) | |
| tree | d56b4034d09c7c20cfff1c3330acb360f5098b4d | |
| parent | 2d993f5fd6626c885bb56f505f265c4d6635e952 (diff) | |
| download | ffmpeg-c0b6f4b38da9523621eb1f3956fa2b0a0f64331d.tar.gz | |
avformat/matroskadec: Reset state also on failure in matroska_reset_status()
The calling code does not handle failures and will fail with assertion failures later.
Seeking can always fail even when the position was previously read.
Fixes: Assertion failure
Fixes: 35253/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-4693059982983168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d115eec97929e23fd1b06df2d95f48cf5000eb87)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| -rw-r--r-- | libavformat/matroskadec.c | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 4b189902a3..e316dbd0a2 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -757,20 +757,22 @@ static int matroska_read_close(AVFormatContext *s); static int matroska_reset_status(MatroskaDemuxContext *matroska, uint32_t id, int64_t position) { + int64_t err = 0; if (position >= 0) { - int64_t err = avio_seek(matroska->ctx->pb, position, SEEK_SET); - if (err < 0) - return err; - } + err = avio_seek(matroska->ctx->pb, position, SEEK_SET); + if (err > 0) + err = 0; + } else + position = avio_tell(matroska->ctx->pb); matroska->current_id = id; matroska->num_levels = 1; matroska->unknown_count = 0; - matroska->resync_pos = avio_tell(matroska->ctx->pb); + matroska->resync_pos = position; if (id) matroska->resync_pos -= (av_log2(id) + 7) / 8; - return 0; + return err; } static int matroska_resync(MatroskaDemuxContext *matroska, int64_t last_pos) @@ -1814,6 +1816,7 @@ static int matroska_parse_seekhead_entry(MatroskaDemuxContext *matroska, uint32_t saved_id = matroska->current_id; int64_t before_pos = avio_tell(matroska->ctx->pb); int ret = 0; + int ret2; /* seek */ if (avio_seek(matroska->ctx->pb, pos, SEEK_SET) == pos) { @@ -1838,7 +1841,9 @@ static int matroska_parse_seekhead_entry(MatroskaDemuxContext *matroska, } /* Seek back - notice that in all instances where this is used * it is safe to set the level to 1. */ - matroska_reset_status(matroska, saved_id, before_pos); + ret2 = matroska_reset_status(matroska, saved_id, before_pos); + if (ret >= 0) + ret = ret2; return ret; } |