[FFmpeg-cvslog] tools/target_dec_fuzzer: Fix extradata duplication

Michael Niedermayer git at videolan.org
Wed Jul 28 20:33:04 EEST 2021


ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Sat Jul 24 18:18:23 2021 +0200| [54b798638e68dcebed5c42a216b403004a97f73e] | committer: Michael Niedermayer

tools/target_dec_fuzzer: Fix extradata duplication

Fixes: out of array access
Fixes: 36340/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5872546875572224.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=54b798638e68dcebed5c42a216b403004a97f73e
---

 tools/target_dec_fuzzer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 3e7689b7ec..843b447f83 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -317,7 +317,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     }
     parser_avctx->codec_id = ctx->codec_id;
     parser_avctx->extradata_size = ctx->extradata_size;
-    parser_avctx->extradata      = av_memdup(ctx->extradata, ctx->extradata_size);
+    parser_avctx->extradata      = ctx->extradata ? av_memdup(ctx->extradata, ctx->extradata_size + AV_INPUT_BUFFER_PADDING_SIZE) : NULL;
 
 
     int got_frame;



More information about the ffmpeg-cvslog mailing list