author | Michael Niedermayer <michael@niedermayer.cc> | 2019-08-31 23:20:01 +0200 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2019-09-06 22:25:35 +0200 |
commit | 55d4e22d71ca75223ee61f7d2535fdc6e9991026 (patch) | |
tree | 19e730d0650cb1494553a6c02ec57394aab366a1 /libavformat | |
parent | 413e0f2516eef678011cffd1ec6f0d92aa8bb96a (diff) | |
avformat/vividas: check for tiny blocks using alignment
Ask for a sample for these
Fixes: out of array access
Fixes: 16624/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5762455661182976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavformat')
-rw-r--r-- | libavformat/vividas.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/libavformat/vividas.c b/libavformat/vividas.c index 645e322b6e..1ac86a107e 100644 --- a/libavformat/vividas.c +++ b/libavformat/vividas.c @@ -153,6 +153,10 @@ static void decode_block(uint8_t *src, uint8_t *dest, unsigned size, if (align) { uint32_t tmpkey = *key_ptr - key; + if (a2 > s) { + a2 = s; + avpriv_request_sample(NULL, "tiny aligned block\n"); + } memcpy(tmp + align, src, a2); xor_block(tmp, tmp, 4, key, &tmpkey); memcpy(dest, tmp + align, a2); |
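Review bot: in the `if (align)` branch, once `a2` has been clamped to `s`, `memcpy(tmp + align, src, a2)` may fill fewer bytes of `tmp` than `xor_block(tmp, tmp, 4, key, &tmpkey)` then processes, so please confirm from the lines above the hunk that `tmp` is initialised, and that the code following this branch advances `src`, `dest` and `s` by the clamped `a2` rather than by its original value. Two smaller points on the added call: `avpriv_request_sample(NULL, ...)` passes no logging context, so the warning cannot be tied to the demuxer instance, and the trailing `\n` in `"tiny aligned block\n"` ends up in the middle of the sentence that avpriv_request_sample builds around its argument. Dropping the newline and passing a context into `decode_block` would address both. A one-line comment above `if (a2 > s)` saying that a block shorter than the alignment remainder is unexpected input would also help the next reader.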