On Wed, Apr 01, 2020 at 01:55:12PM -0700, John Rummell wrote: > Updated to return AVERROR_INVALIDDATA. > > On Wed, Apr 1, 2020 at 12:33 PM Michael Niedermayer <mich...@niedermayer.cc> > wrote: > > > On Mon, Mar 30, 2020 at 09:48:13PM -0700, John Rummell wrote: > > > Hit send too soon. Patch attached. > > > > > > On Mon, Mar 30, 2020 at 9:44 PM John Rummell <jrumm...@chromium.org> > > wrote: > > > > > > > Another uninitialized memory access detected by the Chromium fuzzers. > > > > > > > > > amr.c | 6 ++++-- > > > 1 file changed, 4 insertions(+), 2 deletions(-) > > > db486a31c1d3c7f4f51a7e5f5333f871744d6c87 > > 0001-libavformat-amr.c-Check-return-value-from-avio_read.patch > > > From 0ef90d64a760f730652f3832da2abca47cff62d6 Mon Sep 17 00:00:00 2001 > > > From: John Rummell <jrumm...@chromium.org> > > > Date: Mon, 30 Mar 2020 21:30:33 -0700 > > > Subject: [PATCH] libavformat/amr.c: Check return value from avio_read() > > > > > > If the buffer doesn't contain enough bytes when reading a stream, > > > fail rather than continuing on with initialized data. Caught by > > > Chromium fuzzeras (crbug.com/1065731). > > > --- > > > libavformat/amr.c | 6 ++++-- > > > 1 file changed, 4 insertions(+), 2 deletions(-) > > > > > > diff --git a/libavformat/amr.c b/libavformat/amr.c > > > index eccbbde5b0..8570d43302 100644 > > > --- a/libavformat/amr.c > > > +++ b/libavformat/amr.c > > > @@ -89,13 +89,15 @@ static int amr_read_header(AVFormatContext *s) > > > AVStream *st; > > > uint8_t header[9]; > > > > > > - avio_read(pb, header, 6); > > > + if (avio_read(pb, header, 6) != 6) > > > + return -1; > > > > > > st = avformat_new_stream(s, NULL); > > > if (!st) > > > return AVERROR(ENOMEM); > > > if (memcmp(header, AMR_header, 6)) { > > > - avio_read(pb, header + 6, 3); > > > + if (avio_read(pb, header + 6, 3) != 3) > > > + return -1; > > > > I see some of the existing code uses -1 instead of AVERROR* > > but i think for newly added cases AVERROR* codes would be better > > > > thx > > > > [...] > > > > -- > > Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB > > > > Why not whip the teacher when the pupil misbehaves? -- Diogenes of Sinope > > _______________________________________________ > > ffmpeg-devel mailing list > > ffmpeg-devel@ffmpeg.org > > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > > > To unsubscribe, visit link above, or email > > ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
> amr.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > 193bfc49b025e3cf58b28a53b38eb2e02a1e0e5f > 0001-libavformat-amr.c-Check-return-value-from-avio_read.patch > From 1d6313c4354f88ea985b32b6cc0255081a3fff7b Mon Sep 17 00:00:00 2001 > From: John Rummell <jrumm...@chromium.org> > Date: Mon, 30 Mar 2020 21:30:33 -0700 > Subject: [PATCH] libavformat/amr.c: Check return value from avio_read() > > If the buffer doesn't contain enough bytes when reading a stream, > fail rather than continuing on with initialized data. Caught by > Chromium fuzzeras (crbug.com/1065731). > --- > libavformat/amr.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) will apply thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB If you think the mosad wants you dead since a long time then you are either wrong or dead since a long time.
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".