Found by Chrome's ClusterFuzz: http://crbug.com/846662.
Signed-off-by: Jacob Trimble <modma...@google.com> --- libavutil/encryption_info.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavutil/encryption_info.c b/libavutil/encryption_info.c index 20a752d6b4..a48ded922c 100644 --- a/libavutil/encryption_info.c +++ b/libavutil/encryption_info.c @@ -64,6 +64,8 @@ AVEncryptionInfo *av_encryption_info_clone(const AVEncryptionInfo *info) { AVEncryptionInfo *ret; + if (!info) + return NULL; ret = av_encryption_info_alloc(info->subsample_count, info->key_id_size, info->iv_size); if (!ret) return NULL; @@ -127,7 +129,7 @@ uint8_t *av_encryption_info_add_side_data(const AVEncryptionInfo *info, size_t * uint8_t *buffer, *cur_buffer; uint32_t i; - if (UINT32_MAX - FF_ENCRYPTION_INFO_EXTRA < info->key_id_size || + if (!info || !size || UINT32_MAX - FF_ENCRYPTION_INFO_EXTRA < info->key_id_size || UINT32_MAX - FF_ENCRYPTION_INFO_EXTRA - info->key_id_size < info->iv_size || (UINT32_MAX - FF_ENCRYPTION_INFO_EXTRA - info->key_id_size - info->iv_size) / 8 < info->subsample_count) { return NULL; @@ -260,7 +262,8 @@ uint8_t *av_encryption_init_info_add_side_data(const AVEncryptionInitInfo *info, uint8_t *buffer, *cur_buffer; uint32_t i, max_size; - if (UINT32_MAX - FF_ENCRYPTION_INIT_INFO_EXTRA < info->system_id_size || + if (!info || !side_data_size || + UINT32_MAX - FF_ENCRYPTION_INIT_INFO_EXTRA < info->system_id_size || UINT32_MAX - FF_ENCRYPTION_INIT_INFO_EXTRA - info->system_id_size < info->data_size) { return NULL; } -- 2.17.0.921.gf22659ad46-goog _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel