[FFmpeg-devel] [PATCH 1/2] avformat/mxfdec: Check klv offset
Tomas Härdin
git at haerdin.se
Wed Oct 18 21:29:16 EEST 2023
On Wed 2023-10-18 at 02:49 +0200, Michael Niedermayer wrote:
> Fixes: Assertion klv_offset >= mxf->run_in failed at
> libavformat/mxfdec.c:736
> Fixes: 62936/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-
> 5778404366221312.fuzz
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavformat/mxfdec.c | 13 ++++++++-----
> 1 file changed, 8 insertions(+), 5 deletions(-)
>
> diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> index 68939091e6..f2ec508b72 100644
> --- a/libavformat/mxfdec.c
> +++ b/libavformat/mxfdec.c
> @@ -458,12 +458,15 @@ static int mxf_read_sync(AVIOContext *pb, const
> uint8_t *key, unsigned size)
> return i == size;
> }
>
> -static int klv_read_packet(KLVPacket *klv, AVIOContext *pb)
> +static int klv_read_packet(MXFContext *mxf, KLVPacket *klv,
> AVIOContext *pb)
> {
> int64_t length, pos;
> if (!mxf_read_sync(pb, mxf_klv_key, 4))
> return AVERROR_INVALIDDATA;
> klv->offset = avio_tell(pb) - 4;
> + if (klv->offset < mxf->run_in)
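Review bot: The new `if (klv->offset < mxf->run_in)` check in klv_read_packet() is quoted without its body, so the error path cannot be confirmed from these lines. It should return AVERROR_INVALIDDATA, matching the mxf_read_sync() failure a few lines above, so that the condition which tripped the assertion at libavformat/mxfdec.c:736 reaches callers as an ordinary invalid-data error. Since the signature now takes `MXFContext *mxf`, every call site has to pass it, and the 8 insertions / 5 deletions in the diffstat should be checked against the full list of callers. A one-line comment above the check saying why klv->offset must not be below mxf->run_in would help, because the commit message only cites the assertion and the fuzzer case.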
One stray space in there which of course can be fixed when pushing
Looks OK
/Tomas