PR #23426 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23426 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23426.patch
Fixes: Timeout Fixes: 514855073/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTS_fuzzer-5074757044469760 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> >From 5336c8b6ba78f869d2705755216183ca0a113920 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Thu, 4 Jun 2026 21:19:18 +0200 Subject: [PATCH] avformat/mpegts: use av_fast_realloc() for prg Fixes: Timeout Fixes: 514855073/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTS_fuzzer-5074757044469760 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/mpegts.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index 486b4a2176..e1659e0cd0 100644 --- a/libavformat/mpegts.c +++ b/libavformat/mpegts.c @@ -185,6 +185,7 @@ struct MpegTSContext { /* scan context */ /** structure to keep track of Program->pids mapping */ unsigned int nb_prg; + unsigned int prg_size; ///< allocated size of prg in bytes struct Program *prg; int8_t crc_validity[NB_PID_MAX]; @@ -332,17 +333,24 @@ static void clear_programs(MpegTSContext *ts) { av_freep(&ts->prg); ts->nb_prg = 0; + ts->prg_size = 0; } static struct Program * add_program(MpegTSContext *ts, unsigned int programid) { struct Program *p = get_program(ts, programid); + struct Program *tmp; if (p) return p; - if (av_reallocp_array(&ts->prg, ts->nb_prg + 1, sizeof(*ts->prg)) < 0) { - ts->nb_prg = 0; + tmp = av_fast_realloc(ts->prg, &ts->prg_size, + (ts->nb_prg + 1) * sizeof(*ts->prg)); + if (!tmp) { + av_freep(&ts->prg); + ts->nb_prg = 0; + ts->prg_size = 0; return NULL; } + ts->prg = tmp; p = &ts->prg[ts->nb_prg]; p->id = programid; clear_program(p); -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
