mirror of
https://git.ffmpeg.org/ffmpeg.git
synced 2026-07-05 02:53:20 +00:00
avformat/mpegts: use av_fast_realloc() for prg
Fixes: Timeout
Fixes: 514855073/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTS_fuzzer-5074757044469760
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f7e6a8ade5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
+12
-2
@@ -173,6 +173,7 @@ struct MpegTSContext {
|
||||
/* scan context */
|
||||
/** structure to keep track of Program->pids mapping */
|
||||
unsigned int nb_prg;
|
||||
unsigned int prg_size; ///< allocated size of prg in bytes
|
||||
struct Program *prg;
|
||||
|
||||
int8_t crc_validity[NB_PID_MAX];
|
||||
@@ -318,17 +319,26 @@ static void clear_programs(MpegTSContext *ts)
|
||||
{
|
||||
av_freep(&ts->prg);
|
||||
ts->nb_prg = 0;
|
||||
ts->prg_size = 0;
|
||||
}
|
||||
|
||||
static struct Program * add_program(MpegTSContext *ts, unsigned int programid)
|
||||
{
|
||||
struct Program *p = get_program(ts, programid);
|
||||
struct Program *tmp = NULL;
|
||||
size_t new_prg_size;
|
||||
if (p)
|
||||
return p;
|
||||
if (av_reallocp_array(&ts->prg, ts->nb_prg + 1, sizeof(*ts->prg)) < 0) {
|
||||
ts->nb_prg = 0;
|
||||
|
||||
if (!av_size_mult(ts->nb_prg + 1, sizeof(*ts->prg), &new_prg_size))
|
||||
tmp = av_fast_realloc(ts->prg, &ts->prg_size,new_prg_size);
|
||||
if (!tmp) {
|
||||
av_freep(&ts->prg);
|
||||
ts->nb_prg = 0;
|
||||
ts->prg_size = 0;
|
||||
return NULL;
|
||||
}
|
||||
ts->prg = tmp;
|
||||
p = &ts->prg[ts->nb_prg];
|
||||
p->id = programid;
|
||||
clear_program(p);
|
||||
|
||||
Reference in New Issue
Block a user