[FFmpeg-cvslog] avformat/av1dec: Better fix for 70872/clusterfuzz-testcase-minimized-ffmpeg_dem_OBU_fuzzer-6005782487826432
Michael Niedermayer
git at videolan.org
Wed Aug 14 20:09:55 EEST 2024
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Sat Aug 3 18:35:48 2024 +0200| [7ad937f0c8cb9f120c50f3e792a699076923768e] | committer: Michael Niedermayer
avformat/av1dec: Better fix for 70872/clusterfuzz-testcase-minimized-ffmpeg_dem_OBU_fuzzer-6005782487826432
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7ad937f0c8cb9f120c50f3e792a699076923768e
---
libavformat/av1dec.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/libavformat/av1dec.c b/libavformat/av1dec.c
index a5b620a0ab..8c0b8fe975 100644
--- a/libavformat/av1dec.c
+++ b/libavformat/av1dec.c
@@ -326,9 +326,6 @@ static int read_obu_with_size(const uint8_t *buf, int buf_size, int64_t *obu_siz
skip_bits(&gb, 3); // extension_header_reserved_3bits
}
- if (get_bits_left(&gb) < 8)
- return AVERROR_INVALIDDATA;
-
*obu_size = get_leb128(&gb);
if (*obu_size > INT_MAX)
return AVERROR_INVALIDDATA;
@@ -382,6 +379,7 @@ static int obu_get_packet(AVFormatContext *s, AVPacket *pkt)
if (size < 0)
return size;
+ memset(header + size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
len = read_obu_with_size(header, size, &obu_size, &type);
if (len < 0) {
av_log(c, AV_LOG_ERROR, "Failed to read obu\n");
More information about the ffmpeg-cvslog
mailing list