github-mirrors/FFmpeg
1
0
Fork 0
mirror of https://mirror.skon.top/https://github.com/FFmpeg/FFmpeg synced 2026-04-20 12:50:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

avformat/hxvs: Do not allow backward steps in hxvs_probe()

Browse Source 
Fixes: infinite loop
Fixes: 487632033/clusterfuzz-testcase-minimized-ffmpeg_dem_IMAGE2_fuzzer-4565877872984064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2026-03-05 16:38:03 +01:00
parent f84c859ec5
commit 4ccad70d57
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libavformat/hxvs.c
View File

@@ -118,6 +118,10 @@ static int hxvs_probe(const AVProbeData *p)
i += 4;
if (tag == HXVF || tag == HXAF) {
bytes = AV_RL32(&p->buf[i]);
if (12 + bytes > INT_MAX - i)
return 0;
i += 12 + bytes;
flag |= (tag == HXVF) ? 2 : 4;
continue;