har0ke/FFmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

avformat/lvfdec: Check stream_index before use

Browse Source 
Fixes: assertion failure
Fixes: 26905/clusterfuzz-testcase-minimized-ffmpeg_dem_LVF_fuzzer-5724267599364096.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2020-11-08 00:17:09 +01:00
parent d16974c3dd
commit b1d99ab14f
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libavformat/lvfdec.c
View File

@ -106,6 +106,7 @@ static int lvf_read_packet(AVFormatContext *s, AVPacket *pkt)
unsigned size, flags, timestamp, id;
int64_t pos;
int ret, is_video = 0;
int stream_index;
pos = avio_tell(s->pb);
while (!avio_feof(s->pb)) {
@ -121,12 +122,15 @@ static int lvf_read_packet(AVFormatContext *s, AVPacket *pkt)
case MKTAG('0', '1', 'w', 'b'):
if (size < 8)
return AVERROR_INVALIDDATA;
stream_index = is_video ? 0 : 1;
if (stream_index >= s->nb_streams)
return AVERROR_INVALIDDATA;
timestamp = avio_rl32(s->pb);
flags = avio_rl32(s->pb);
ret = av_get_packet(s->pb, pkt, size - 8);
if (flags & (1 << 12))
pkt->flags |= AV_PKT_FLAG_KEY;
pkt->stream_index = is_video ? 0 : 1;
pkt->stream_index = stream_index;
pkt->pts = timestamp;
pkt->pos = pos;
return ret;