On Wed, Apr 22, 2020 at 08:10:44PM +1000, Peter Ross wrote: > On Tue, Apr 21, 2020 at 12:03:40AM +0200, Michael Niedermayer wrote: > > Fixes: out of array read > > Fixes: > > 20796/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5111364702175232.fuzz > > > > Found-by: continuous fuzzing process > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > > --- > > libavcodec/iff.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/libavcodec/iff.c b/libavcodec/iff.c > > index 2e65e266d0..23d19d8a25 100644 > > --- a/libavcodec/iff.c > > +++ b/libavcodec/iff.c > > @@ -722,6 +722,8 @@ static void decode_deep_rle32(uint8_t *dst, const > > uint8_t *src, int src_size, in > > int size = opcode + 1; > > for (i = 0; i < size; i++) { > > int length = FFMIN(size - i, width); > > + if (src_end - src < length) > > + return; > > memcpy(dst + y*linesize + x * 4, src, length * 4); > > src += length * 4; > > x += length; > > hi michael. > > i think the guard should be: > > if (src_end - src < length * 4) > return;
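Review bot: the added guard `if (src_end - src < length)` compares the bytes left in the input against `length`, which counts 4-byte units, while the `memcpy` right after it reads `length * 4` bytes from `src`. An input with at least `length` but fewer than `length * 4` bytes remaining still passes the check and is read past `src_end`. Compare against `length * 4`, as the reply quoted above suggests. The bare `return` in a `static void` function also gives the caller no indication that decoding stopped early; a short comment saying that truncated input leaves the rest of `dst` unwritten would help the next reader.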
oops, will fix and apply

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

In fact, the RIAA has been known to suggest that students drop out
of college or go to community college in order to be able to afford
settlements. -- The RIAA
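The unit mismatch discussed in this thread, as an added example that is not FFmpeg code and not part of the original messages: a simplified copy of a literal run of 4-byte pixels whose guard is expressed in one unit. The names `copy_literal_run`, `pixel_unit_guard_accepts`, the `demo_*` functions and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BYTES_PER_PIXEL 4

/* Hypothetical helper (not FFmpeg code): copy `count` 4-byte pixels.
 * Returns 0 on success, -1 if the input or output buffer is too short. */
static int copy_literal_run(uint8_t *dst, size_t dst_size, const uint8_t *src,
                            const uint8_t *src_end, size_t count)
{
    if (src > src_end)
        return -1;
    size_t avail = (size_t)(src_end - src);      /* remaining input in BYTES */
    /* Compare pixels with pixels: dividing the byte budget also avoids
     * the overflow that count * 4 could hit for very large counts. */
    if (count > avail / BYTES_PER_PIXEL || count > dst_size / BYTES_PER_PIXEL)
        return -1;
    memcpy(dst, src, count * BYTES_PER_PIXEL);
    return 0;
}

/* Guard as first posted: bytes left vs. pixel count. 1 = copy proceeds. */
static int pixel_unit_guard_accepts(ptrdiff_t bytes_left, int length)
{
    return !(bytes_left < length);
}

/* Constructed sample: 6 input bytes, run claims 3 pixels (12 bytes). */
static int demo_truncated_run(void)
{
    uint8_t in[6] = {1, 2, 3, 4, 5, 6}, out[16] = {0};
    return copy_literal_run(out, sizeof out, in, in + sizeof in, 3);
}

/* Constructed sample: 8 input bytes, run claims 2 pixels (8 bytes). */
static int demo_complete_run(void)
{
    uint8_t in[8] = {1, 2, 3, 4, 5, 6, 7, 8}, out[8] = {0};
    return copy_literal_run(out, sizeof out, in, in + sizeof in, 2) == 0 &&
           memcmp(in, out, sizeof in) == 0;
}

int main(void)
{
    printf("posted guard: %d, byte-aware: %d, complete run: %d\n",
           pixel_unit_guard_accepts(6, 3), demo_truncated_run(),
           demo_complete_run());
    return 0;
}
```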