[FFmpeg-cvslog] avcodec/sanm: Check extradata_size before allocations
Michael Niedermayer
git at videolan.org
Mon Aug 5 20:50:49 EEST 2019
ffmpeg | branch: release/4.2 | Michael Niedermayer <michael at niedermayer.cc> | Mon Jul 15 23:26:05 2019 +0200| [6443b95de666cae87ae87b53d56538c9c02d30c5] | committer: Michael Niedermayer
avcodec/sanm: Check extradata_size before allocations
Fixes: Leaks
Fixes: 15349/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SANM_fuzzer-5102530557640704
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 172a43ce36e671fdab63afe1c06876bba91445b3)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6443b95de666cae87ae87b53d56538c9c02d30c5
---
libavcodec/sanm.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/libavcodec/sanm.c b/libavcodec/sanm.c
index 25aee7220f..d0000ebd0c 100644
--- a/libavcodec/sanm.c
+++ b/libavcodec/sanm.c
@@ -491,6 +491,11 @@ static av_cold int decode_init(AVCodecContext *avctx)
ctx->avctx = avctx;
ctx->version = !avctx->extradata_size;
+ // early sanity check before allocations to avoid need for deallocation code.
+ if (!ctx->version && avctx->extradata_size < 1026) {
+ av_log(avctx, AV_LOG_ERROR, "Not enough extradata.\n");
+ return AVERROR_INVALIDDATA;
+ }
avctx->pix_fmt = ctx->version ? AV_PIX_FMT_RGB565 : AV_PIX_FMT_PAL8;
@@ -506,11 +511,6 @@ static av_cold int decode_init(AVCodecContext *avctx)
if (!ctx->version) {
int i;
- if (avctx->extradata_size < 1026) {
- av_log(avctx, AV_LOG_ERROR, "Not enough extradata.\n");
- return AVERROR_INVALIDDATA;
- }
-
ctx->subversion = AV_RL16(avctx->extradata);
for (i = 0; i < PALETTE_SIZE; i++)
ctx->pal[i] = 0xFFU << 24 | AV_RL32(avctx->extradata + 2 + i * 4);
More information about the ffmpeg-cvslog
mailing list