diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2019-01-29 01:06:01 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2019-02-03 19:40:20 +0100 |
| commit | e35c3d887b3e374c6a091342206a42da48785d70 (patch) | |
| tree | 1941766f2654c15ec8ef3e7e43866e3aafe92070 | |
| parent | b429c86d84cfc964c84bc68ec56799802de2b25a (diff) | |
| download | ffmpeg-e35c3d887b3e374c6a091342206a42da48785d70.tar.gz | |
avcodec/pgssubdec: Check for duplicate display segments
In such a duplication the previous gets overwritten and leaks
Fixes: memleak
Fixes: 12510/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGSSUB_fuzzer-5694439226343424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| -rw-r--r-- | libavcodec/pgssubdec.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libavcodec/pgssubdec.c b/libavcodec/pgssubdec.c index b897d72aab..8c10f6d573 100644 --- a/libavcodec/pgssubdec.c +++ b/libavcodec/pgssubdec.c @@ -676,6 +676,11 @@ static int decode(AVCodecContext *avctx, void *data, int *data_size, */ break; case DISPLAY_SEGMENT: + if (*data_size) { + av_log(avctx, AV_LOG_ERROR, "Duplicate display segment\n"); + ret = AVERROR_INVALIDDATA; + break; + } ret = display_end_segment(avctx, data, buf, segment_length); if (ret >= 0) *data_size = ret; |