har0ke/FFmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

avformat/matroskadec: Reset state also on failure in matroska_reset_status()

Browse Source 
The calling code does not handle failures and will fail with assertion failures later.
Seeking can always fail even when the position was previously read.

Fixes: Assertion failure
Fixes: 35253/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-4693059982983168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2021-06-24 19:53:47 +02:00
parent 57b14879b9
commit d115eec979
1 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
libavformat/matroskadec.c
View File

@ -803,20 +803,22 @@ static const char *const matroska_doctypes[] = { "matroska", "webm" };
static int matroska_reset_status(MatroskaDemuxContext *matroska, static int matroska_reset_status(MatroskaDemuxContext *matroska,
uint32_t id, int64_t position) uint32_t id, int64_t position)
{ {
int64_t err = 0;
if (position >= 0) { if (position >= 0) {
int64_t err = avio_seek(matroska->ctx->pb, position, SEEK_SET); err = avio_seek(matroska->ctx->pb, position, SEEK_SET);
if (err < 0) if (err > 0)
return err; err = 0;
} } else
position = avio_tell(matroska->ctx->pb);
matroska->current_id = id; matroska->current_id = id;
matroska->num_levels = 1; matroska->num_levels = 1;
matroska->unknown_count = 0; matroska->unknown_count = 0;
matroska->resync_pos = avio_tell(matroska->ctx->pb); matroska->resync_pos = position;
if (id) if (id)
matroska->resync_pos -= (av_log2(id) + 7) / 8; matroska->resync_pos -= (av_log2(id) + 7) / 8;
return 0; return err;
} }
static int matroska_resync(MatroskaDemuxContext *matroska, int64_t last_pos) static int matroska_resync(MatroskaDemuxContext *matroska, int64_t last_pos)
@ -1872,6 +1874,7 @@ static int matroska_parse_seekhead_entry(MatroskaDemuxContext *matroska,
uint32_t saved_id = matroska->current_id; uint32_t saved_id = matroska->current_id;
int64_t before_pos = avio_tell(matroska->ctx->pb); int64_t before_pos = avio_tell(matroska->ctx->pb);
int ret = 0; int ret = 0;
int ret2;
/* seek */ /* seek */
if (avio_seek(matroska->ctx->pb, pos, SEEK_SET) == pos) { if (avio_seek(matroska->ctx->pb, pos, SEEK_SET) == pos) {
@ -1896,7 +1899,9 @@ static int matroska_parse_seekhead_entry(MatroskaDemuxContext *matroska,
} }
/* Seek back - notice that in all instances where this is used /* Seek back - notice that in all instances where this is used
* it is safe to set the level to 1. */ * it is safe to set the level to 1. */
matroska_reset_status(matroska, saved_id, before_pos); ret2 = matroska_reset_status(matroska, saved_id, before_pos);
if (ret >= 0)
ret = ret2;
return ret; return ret;
} }