avformat/mpegts: Limit copied data to space

Fixes: out of array access Fixes: 26816/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-6282861159907328.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Marton Balint <cus@passwd.hu> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 79cf7c71910a69b9f22b3e7ee6508a771262abaf) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2020-11-04 01:06:47 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2021-10-17 21:34:53 +0200
commit: faf492237d1f5c907b5d51e745c737f12a9f94ab (patch)
tree: 896c04a41cd05aab06f625d76a0edb167bb32bf9
parent: 9d6c492479f7e8e8c02f491dac62bd76c5e2a3b7 (diff)
download: ffmpeg-faf492237d1f5c907b5d51e745c737f12a9f94ab.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c
index 4db526d330..d6a4ef0203 100644
--- a/libavformat/mpegts.c
+++ b/libavformat/mpegts.c
@@ -2638,7 +2638,7 @@ static int mpegts_raw_read_packet(AVFormatContext *s, AVPacket *pkt)
         return ret;
     }
     if (data != pkt->data)
-        memcpy(pkt->data, data, ts->raw_packet_size);
+        memcpy(pkt->data, data, TS_PACKET_SIZE);
     finished_reading_packet(s, ts->raw_packet_size);
     if (ts->mpeg2ts_compute_pcr) {
         /* compute exact PCR for each packet */
author	Michael Niedermayer <michael@niedermayer.cc>	2020-11-04 01:06:47 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2021-10-17 21:34:53 +0200
commit	faf492237d1f5c907b5d51e745c737f12a9f94ab (patch)
tree	896c04a41cd05aab06f625d76a0edb167bb32bf9
parent	9d6c492479f7e8e8c02f491dac62bd76c5e2a3b7 (diff)
download	ffmpeg-faf492237d1f5c907b5d51e745c737f12a9f94ab.tar.gz