diff options
author | Mark Thompson <sw@jkqxz.net> | 2021-02-02 20:58:11 +0000 |
---|---|---|
committer | Mark Thompson <sw@jkqxz.net> | 2021-03-12 22:45:33 +0000 |
commit | 2c96e6cb955af3062e78c5b0f9fb907cfb2e59e3 (patch) | |
tree | 23f0583aba572b823d56f343bd622f8e490c5adb /libavdevice | |
parent | b128b0ce2203f96ff86969f6d0039827a7f00378 (diff) | |
download | ffmpeg-2c96e6cb955af3062e78c5b0f9fb907cfb2e59e3.tar.gz |
cbs_sei: Detect payload overflows when reading SEI messages
The top-level GetBitContext is sized for the whole NAL unit, so it fails
to detect overflows where a payload continues into the following message.
To fix that, we make a new context on the stack for reading each payload.
Fixes: 29892/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_REDUNDANT_PPS_fuzzer-6310830956216320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Tested-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavdevice')
0 files changed, 0 insertions, 0 deletions