ffmpeg | branch: master | Timo Rothenpieler <t...@rothenpieler.org> | Mon Jul 14 21:54:35 2025 +0200| [9015d595a115abad4428a61ac86002a06c90ce0b] | committer: Timo Rothenpieler
avformat/flvdec: don't skip backwards or over EOF Skipping backwards (and even forwards) resets the EOF flag, and can thus lead to infinite looping if the conditions are just right. Fixes: Infinite loop Fixes: 427538726/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-6582567304495104 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Timo Rothenpieler <t...@rothenpieler.org> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9015d595a115abad4428a61ac86002a06c90ce0b --- libavformat/flvdec.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index b90ed34b1c..de5e688822 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -1860,8 +1860,16 @@ retry_duration: next_track: if (track_size) { av_log(s, AV_LOG_WARNING, "Track size mismatch: %d!\n", track_size); - avio_skip(s->pb, track_size); - size -= track_size; + if (!avio_feof(s->pb)) { + if (track_size > 0) { + avio_skip(s->pb, track_size); + size -= track_size; + } else { + /* We have somehow read more than the track had to offer, leave and re-sync */ + ret = FFERROR_REDO; + goto leave; + } + } } if (!size) _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
