avformat/wavdec: Check for EOF in cues reading

Fixes: Timeout (>20sec -> 1ms) Fixes: 26793/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-5674966852567040 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2020-11-01 22:18:49 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2020-12-05 00:08:33 +0100
commit: 72ca9f38e42169d3d0efdad5fd4019b1abe4f152 (patch)
tree: 6565c3de2297f728dcd7f7df0b74cf791755e6ec /libavformat/wavdec.c
parent: a834af133b1fe8f29b4075808710ffd98abcac40 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/libavformat/wavdec.c b/libavformat/wavdec.c
index df6030a42d..67ab620347 100644
--- a/libavformat/wavdec.c
+++ b/libavformat/wavdec.c
@@ -558,6 +558,9 @@ static int wav_read_header(AVFormatContext *s)
                     for (int i = 0; i < nb_cues; i++) {
                         unsigned offset, id = avio_rl32(pb);
 
+                        if (avio_feof(pb))
+                            return AVERROR_INVALIDDATA;
+
                         avio_skip(pb, 16);
                         offset = avio_rl32(pb);
author	Michael Niedermayer <michael@niedermayer.cc>	2020-11-01 22:18:49 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2020-12-05 00:08:33 +0100
commit	72ca9f38e42169d3d0efdad5fd4019b1abe4f152 (patch)
tree	6565c3de2297f728dcd7f7df0b74cf791755e6ec /libavformat/wavdec.c
parent	a834af133b1fe8f29b4075808710ffd98abcac40 (diff)