Browse code
avformat/vividas: check for tiny blocks using alignment
Ask for a sample for these
Fixes: out of array access
Fixes: 16624/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5762455661182976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 55d4e22d71ca75223ee61f7d2535fdc6e9991026)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer authored on 2019/09/01 06:20:01Showing 1 changed files
| ... | ... |
@@ -153,6 +153,10 @@ static void decode_block(uint8_t *src, uint8_t *dest, unsigned size, |
| 153 | 153 |
|
| 154 | 154 |
if (align) {
|
| 155 | 155 |
uint32_t tmpkey = *key_ptr - key; |
| 156 |
+ if (a2 > s) {
|
|
| 157 |
+ a2 = s; |
|
| 158 |
+ avpriv_request_sample(NULL, "tiny aligned block\n"); |
|
| 159 |
+ } |
|
| 156 | 160 |
memcpy(tmp + align, src, a2); |
| 157 | 161 |
xor_block(tmp, tmp, 4, key, &tmpkey); |
| 158 | 162 |
memcpy(dest, tmp + align, a2); |