xaymar/FFmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

avformat/concat: guard total_size overflow

Browse Source 
Fixes: 466797413/clusterfuzz-testcase-minimized-fuzzer_options_parser-6015183727427584
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
This commit is contained in:
Kacper Michajłow
2026-03-22 21:24:25 +01:00
parent be207a0d66
commit 702b0784b7
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
libavformat/concat.c
+12
View File
@@ -114,6 +114,12 @@ static av_cold int concat_open(URLContext *h, const char *uri, int flags)
break;
}
if (total_size > INT64_MAX - size) {
ffurl_close(uc);
err = AVERROR_INVALIDDATA;
break;
}
/* assembling */
nodes[i].uc = uc;
nodes[i].size = size;
@@ -284,6 +290,12 @@ static av_cold int concatf_open(URLContext *h, const char *uri, int flags)
break;
}
if (total_size > INT64_MAX - size) {
ffurl_close(uc);
err = AVERROR_INVALIDDATA;
break;
}
nodes = av_fast_realloc(data->nodes, &nodes_size, sizeof(*nodes) * len);
if (!nodes) {
ffurl_close(uc);