avcodec/avpacket: Limit iterations in ff_packet_split_and_drop_side_data()

This avoids scaning beyond what a valid packet can contain Fixes: Timeout Fixes: 541/clusterfuzz-testcase-610189291657625 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2017-06-11 22:08:04 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2017-06-11 22:09:15 +0200
commit: 07339a45a04e5fa0848937090511d69a39a04740 (patch)
tree: 2d64d0b6f009d690d664dd4b34d4268ec541f654
parent: d24043e1a2f93f206a2ad59054f24f45ff023e5c (diff)
download: ffmpeg-07339a45a04e5fa0848937090511d69a39a04740.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/libavcodec/avpacket.c b/libavcodec/avpacket.c
index a04cdaf530..5ce3228166 100644
--- a/libavcodec/avpacket.c
+++ b/libavcodec/avpacket.c
@@ -495,6 +495,8 @@ int ff_packet_split_and_drop_side_data(AVPacket *pkt){
             if (p - pkt->data < size + 5)
                 return 0;
             p-= size+5;
+            if (i > AV_PKT_DATA_NB)
+                return 0;
         }
         pkt->size = p - pkt->data - size;
         av_assert0(pkt->size >= 0);
author	Michael Niedermayer <michael@niedermayer.cc>	2017-06-11 22:08:04 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2017-06-11 22:09:15 +0200
commit	07339a45a04e5fa0848937090511d69a39a04740 (patch)
tree	2d64d0b6f009d690d664dd4b34d4268ec541f654
parent	d24043e1a2f93f206a2ad59054f24f45ff023e5c (diff)
download	ffmpeg-07339a45a04e5fa0848937090511d69a39a04740.tar.gz