diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2020-11-18 00:58:37 +0100 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2020-11-29 16:10:55 +0100 |
commit | eb46939e3ab3e0e4df69486b1a037bffc50493bd (patch) | |
tree | 113da60db0819777d01d878162f4133d11bc5c54 | |
parent | 5eed718087f2ba307a3d1d294016d2ebae9230f3 (diff) |
avformat/cafdec: Check for EOF in index read loop
Fixes: OOM
Fixes: 27398/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-541296033975500
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r-- | libavformat/cafdec.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c index 06069f2610..c1a9838b06 100644 --- a/libavformat/cafdec.c +++ b/libavformat/cafdec.c @@ -205,6 +205,8 @@ static int read_pakt_chunk(AVFormatContext *s, int64_t size) st->duration = 0; for (i = 0; i < num_packets; i++) { + if (avio_feof(pb)) + return AVERROR_INVALIDDATA; av_add_index_entry(s->streams[0], pos, st->duration, 0, 0, AVINDEX_KEYFRAME); pos += caf->bytes_per_packet ? caf->bytes_per_packet : ff_mp4_read_descr_len(pb); st->duration += caf->frames_per_packet ? caf->frames_per_packet : ff_mp4_read_descr_len(pb); |