authorMarton Balint <cus@passwd.hu>2022-12-28 03:20:11 +0100
committerMarton Balint <cus@passwd.hu>2023-01-29 18:58:30 +0100
commitaf606c232a9ecd30c69e7754547eb0dd232bc29d (patch)
tree0689f18a2de812c7e8e4c269d7b87690aec03e7e /libavformat
parent41dfa629d752145d73e56023a361ce487a3d4e8f (diff)
avformat/mxfdec: check number of index table entires more strictly
Let's ignore the index table if the number of index entries does not match the index duration (or the special AVID index entry counts). Fixes: OOM Fixes: 50551/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6607795234930688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Marton Balint <cus@passwd.hu>
Diffstat (limited to 'libavformat')
-rw-r--r--libavformat/mxfdec.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index efd0b9521c..4530617207 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -1937,6 +1937,14 @@ static int mxf_compute_ptses_fake_index(MXFContext *mxf, MXFIndexTable *index_ta
return 0;
}
+ if (s->nb_index_entries != s->index_duration &&
+ s->nb_index_entries != s->index_duration + 1 && /* Avid index */
+ s->nb_index_entries != s->index_duration * 2 + 1) {
+ index_table->nb_ptses = 0;
+ av_log(mxf->fc, AV_LOG_ERROR, "ignoring IndexSID %d, duration does not match nb_index_entries\n", s->index_sid);
+ return 0;
+ }
+
index_table->nb_ptses += s->index_duration;
}
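Review bot: The `s->index_duration * 2 + 1` term in the added condition is computed from a field parsed out of the file, and nothing inside this hunk shows that value being bounded before the multiplication. The two context lines above the new `if` look like the tail of an earlier check, but its condition is outside the hunk, as are the declared types of `index_duration` and `nb_index_entries`. If that earlier check already caps the duration, a short comment saying so would make the new test self-explanatory, for example `/* index_duration was range-checked above, so the arithmetic below cannot wrap */`; if it does not, the wrap case should be rejected before this comparison. Separately, `/* Avid index */` sits only on the `+ 1` line while the commit message speaks of Avid entry counts in the plural, so it would help to say in the comment whether the `* 2 + 1` form is also an Avid layout. The body of mxf_compute_ptses_fake_index starts and ends outside the hunk.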