mirror of
https://git.ffmpeg.org/ffmpeg.git
synced 2026-02-07 02:10:00 +00:00
Fixes: out of array write
Fixes: 64407/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_MP4TOANNEXB_fuzzer-4966763443650560
mp4toannexb_filter counts the number of bytes needed in the first
pass and allocates the memory, then does memcpy in the second pass.
Updating sps/pps size in the loop makes the count invalid in the
case of SPS/PPS occurring after IDR slice. This patch processes in-band
SPS/PPS before the two pass loops.
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
(cherry picked from commit
| | | |
|---|---|---|
| aac_adtstoasc.c | ||
| av1_frame_merge.c | ||
| av1_frame_split.c | ||
| av1_metadata.c | ||
| chomp.c | ||
| dca_core.c | ||
| dts2pts.c | ||
| dump_extradata.c | ||
| dv_error_marker.c | ||
| eac3_core.c | ||
| evc_frame_merge.c | ||
| extract_extradata.c | ||
| filter_units.c | ||
| h264_metadata.c | ||
| h264_mp4toannexb.c | ||
| h264_redundant_pps.c | ||
| h265_metadata.c | ||
| h266_metadata.c | ||
| hapqa_extract.c | ||
| hevc_mp4toannexb.c | ||
| imx_dump_header.c | ||
| Makefile | ||
| media100_to_mjpegb.c | ||
| mjpeg2jpeg.c | ||
| mjpega_dump_header.c | ||
| movsub.c | ||
| mpeg2_metadata.c | ||
| mpeg4_unpack_bframes.c | ||
| noise.c | ||
| null.c | ||
| opus_metadata.c | ||
| pcm_rechunk.c | ||
| pgs_frame_merge.c | ||
| prores_metadata.c | ||
| remove_extradata.c | ||
| setts.c | ||
| showinfo.c | ||
| trace_headers.c | ||
| truehd_core.c | ||
| vp9_metadata.c | ||
| vp9_raw_reorder.c | ||
| vp9_superframe.c | ||
| vp9_superframe_split.c | ||
| vvc_mp4toannexb.c | ||