On 1/13/2023 5:49 PM, Michael Niedermayer wrote:
On Thu, Jan 12, 2023 at 09:11:35PM -0300, James Almer wrote:
On 1/12/2023 9:01 PM, Michael Niedermayer wrote:
Fixes:OOM
Fixes:out of array access (no testcase)
Fixes:
48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XPM_fuzzer-6573323838685184
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
libavcodec/xpmdec.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavcodec/xpmdec.c b/libavcodec/xpmdec.c
index ff1f51dd32..504cc47d8f 100644
--- a/libavcodec/xpmdec.c
+++ b/libavcodec/xpmdec.c
@@ -356,6 +356,9 @@ static int xpm_decode_frame(AVCodecContext *avctx, AVFrame
*p,
size *= 4;
+ if (size > SIZE_MAX)
+ return AVERROR(ENOMEM);
Maybe check for (size > SIZE_MAX / 4) before the multiplication above
instead.
what is the advantage of this ?
An int64_t value will never be bigger than or equal to SIZE_MAX on 64
bits targets, so maybe some compiler out there will warn about it.
thx
[...]
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
