avformat/cafdec: Check for EOF in index read loop

Fixes: OOM Fixes: 27398/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-541296033975500 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit eb46939e3ab3e0e4df69486b1a037bffc50493bd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2020-11-18 00:58:37 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2021-09-11 21:23:48 +0200
commit: a0f3a049e62d3c57ef0f82f0733f465bdc0737ca (patch)
tree: 8ecaef56d232b253a9d2466dbf225279a3832f78
parent: f7fe3969ef943bb375ac1b16e4fd5915e4096cf3 (diff)
download: ffmpeg-a0f3a049e62d3c57ef0f82f0733f465bdc0737ca.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c
index 5b1abc4f47..dc87bb4502 100644
--- a/libavformat/cafdec.c
+++ b/libavformat/cafdec.c
@@ -207,6 +207,8 @@ static int read_pakt_chunk(AVFormatContext *s, int64_t size)
 
     st->duration = 0;
     for (i = 0; i < num_packets; i++) {
+        if (avio_feof(pb))
+            return AVERROR_INVALIDDATA;
         av_add_index_entry(s->streams[0], pos, st->duration, 0, 0, AVINDEX_KEYFRAME);
         pos += caf->bytes_per_packet ? caf->bytes_per_packet : ff_mp4_read_descr_len(pb);
         st->duration += caf->frames_per_packet ? caf->frames_per_packet : ff_mp4_read_descr_len(pb);
author	Michael Niedermayer <michael@niedermayer.cc>	2020-11-18 00:58:37 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2021-09-11 21:23:48 +0200
commit	a0f3a049e62d3c57ef0f82f0733f465bdc0737ca (patch)
tree	8ecaef56d232b253a9d2466dbf225279a3832f78
parent	f7fe3969ef943bb375ac1b16e4fd5915e4096cf3 (diff)
download	ffmpeg-a0f3a049e62d3c57ef0f82f0733f465bdc0737ca.tar.gz