[FFmpeg-cvslog] avformat/av1dec: Better fix for 70872/clusterfuzz-testcase-minimized-ffmpeg_dem_OBU_fuzzer-6005782487826432

Michael Niedermayer git at videolan.org
Wed Aug 14 20:09:55 EEST 2024


ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Sat Aug  3 18:35:48 2024 +0200| [7ad937f0c8cb9f120c50f3e792a699076923768e] | committer: Michael Niedermayer

avformat/av1dec: Better fix for 70872/clusterfuzz-testcase-minimized-ffmpeg_dem_OBU_fuzzer-6005782487826432

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7ad937f0c8cb9f120c50f3e792a699076923768e
---

 libavformat/av1dec.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/libavformat/av1dec.c b/libavformat/av1dec.c
index a5b620a0ab..8c0b8fe975 100644
--- a/libavformat/av1dec.c
+++ b/libavformat/av1dec.c
@@ -326,9 +326,6 @@ static int read_obu_with_size(const uint8_t *buf, int buf_size, int64_t *obu_siz
         skip_bits(&gb, 3);  // extension_header_reserved_3bits
     }
 
-    if (get_bits_left(&gb) < 8)
-        return AVERROR_INVALIDDATA;
-
     *obu_size  = get_leb128(&gb);
     if (*obu_size > INT_MAX)
         return AVERROR_INVALIDDATA;
@@ -382,6 +379,7 @@ static int obu_get_packet(AVFormatContext *s, AVPacket *pkt)
     if (size < 0)
         return size;
 
+    memset(header + size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
     len = read_obu_with_size(header, size, &obu_size, &type);
     if (len < 0) {
         av_log(c, AV_LOG_ERROR, "Failed to read obu\n");



More information about the ffmpeg-cvslog mailing list