On Tue, Jan 31, 2023 at 12:21:24PM +0100, Andreas Rheinhardt wrote:
> Michael Niedermayer:
> > Fixes: OOM
> > Fixes: 54572/clusterfuzz-testcase-minimized-ffmpeg_dem_LAF_fuzzer-4974038870523904
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavformat/lafdec.c | 2 ++
> >  1 file changed, 2 insertions(+)
> > 
> > diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c
> > index d02b479c4d..b78ec3649c 100644
> > --- a/libavformat/lafdec.c
> > +++ b/libavformat/lafdec.c
> > @@ -208,6 +208,8 @@ again:
> >          ret = avio_read(pb, s->data, st_count * st->codecpar->sample_rate * bpp);
> >          if (ret < 0)
> >              return ret;
> > +        if (ret != st_count * st->codecpar->sample_rate * bpp)
> > +            return AVERROR_INVALIDDATA;
> >      }
> >  
> >      st = ctx->streams[s->index];
> 
> ffio_read()

I assume you mean ffio_read_size(), will use that

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I have often repented speaking, but never of holding my tongue.
-- Xenocrates