This combination causes 0 size arrays to be allocated and to leak later Fixes: memleak Fixes: 64342/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4520993686945792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/mov.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index 8d1135270c..f954b924a0 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -6994,6 +6994,9 @@ static int mov_read_saiz(MOVContext *c, AVIOContext *pb, MOVAtom atom) sample_count = avio_rb32(pb); if (encryption_index->auxiliary_info_default_size == 0) { + if (sample_count == 0) + return AVERROR_INVALIDDATA; + encryption_index->auxiliary_info_sizes = av_malloc(sample_count); if (!encryption_index->auxiliary_info_sizes) return AVERROR(ENOMEM); -- 2.17.1 _______________________________________________ ffmpeg-devel mailing list [email protected] https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email [email protected] with subject "unsubscribe".
