db032688df
Convert multimedia/mythtv-frontend to a slave port of multimedia/mythtv which should make future updates much easier. Upstream security patches have been added to address known vulnerabilities in the bundled ffmpeg 3.2. PR: 225652 (initial patches to update to 29.0) [1] Submitted by: <lucylangthorne55@gmail.com> [1] Differential Revision: https://reviews.freebsd.org/D14563
37 lines
1.5 KiB
Text
37 lines
1.5 KiB
Text
From bd6c1d5149fbc4f2a0200ad99e7f56f4fb7d518a Mon Sep 17 00:00:00 2001
|
|
From: Michael Niedermayer <michael@niedermayer.cc>
|
|
Date: Mon, 23 Jan 2017 01:25:27 +0100
|
|
Subject: [PATCH] avcodec/pngdec: Fix off by 1 size in decode_zbuf()
|
|
|
|
Fixes out of array access
|
|
Fixes: 444/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_PNG_fuzzer
|
|
|
|
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
|
|
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
(cherry picked from commit e371f031b942d73e02c090170975561fabd5c264)
|
|
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
---
|
|
libavcodec/pngdec.c | 6 +++---
|
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
|
diff --git libavcodec/pngdec.c libavcodec/pngdec.c
|
|
index 36275ae43f5..7ade0cee661 100644
|
|
--- external/FFmpeg/libavcodec/pngdec.c
|
|
+++ external/FFmpeg/libavcodec/pngdec.c
|
|
@@ -437,13 +437,13 @@ static int decode_zbuf(AVBPrint *bp, const uint8_t *data,
|
|
av_bprint_init(bp, 0, -1);
|
|
|
|
while (zstream.avail_in > 0) {
|
|
- av_bprint_get_buffer(bp, 1, &buf, &buf_size);
|
|
- if (!buf_size) {
|
|
+ av_bprint_get_buffer(bp, 2, &buf, &buf_size);
|
|
+ if (buf_size < 2) {
|
|
ret = AVERROR(ENOMEM);
|
|
goto fail;
|
|
}
|
|
zstream.next_out = buf;
|
|
- zstream.avail_out = buf_size;
|
|
+ zstream.avail_out = buf_size - 1;
|
|
ret = inflate(&zstream, Z_PARTIAL_FLUSH);
|
|
if (ret != Z_OK && ret != Z_STREAM_END) {
|
|
ret = AVERROR_EXTERNAL;
|