[FFmpeg-devel] [PATCH] avformat/icodec: Fix crash probing fuzzed file
Mark Harris
mark.hsj at gmail.com
Mon Feb 15 18:57:51 CET 2016
Avoid invalid memory read/crash when ico offset >= 0xfffffff8.
Base64-encoded example: AAABADAwMDAwMAAAMAAwMDAw/P///w==
---
libavformat/icodec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/icodec.c b/libavformat/icodec.c
index 6ddb901..8f84337 100644
--- a/libavformat/icodec.c
+++ b/libavformat/icodec.c
@@ -60,7 +60,7 @@ static int probe(AVProbeData *p)
offset = AV_RL32(p->buf + 18 + i * 16);
if (offset < 22)
return FFMIN(i, AVPROBE_SCORE_MAX / 4);
- if (offset + 8 > p->buf_size)
+ if (offset > p->buf_size - 8)
return AVPROBE_SCORE_MAX / 4 + FFMIN(i, 1);
if (p->buf[offset] != 40 && AV_RB64(p->buf + offset) != PNGSIG)
return FFMIN(i, AVPROBE_SCORE_MAX / 4);
--
2.7.1
More information about the ffmpeg-devel
mailing list