    avcodec/h264_mp4toannexb: Fix heap buffer overflow · 89e9486b
    Zhao Zhili authored
    Fixes: out of array write
    Fixes: 64407/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_MP4TOANNEXB_fuzzer-4966763443650560
    
    mp4toannexb_filter counts the number of bytes needed in the first
    pass and allocates the memory, then does the memcpy in the second pass.
    Updating the sps/pps size in the loop makes the count invalid in the
    case where SPS/PPS occur after an IDR slice. This patch processes in-band
    SPS/PPS before the two pass loops.
    Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
h264_mp4toannexb.c 13.8 KB
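
A simplified model of the count-then-copy mismatch described in the commit message, added here as an illustration and not taken from FFmpeg's source. The `Nal` struct, `one_pass`, the 4-byte start code and the sample packets are all constructed assumptions. It computes sizes only and never writes out of bounds.

```c
#include <stddef.h>
#include <stdio.h>

enum { NAL_IDR = 5, NAL_SPS = 7 };            /* H.264 nal_unit_type values */
typedef struct { int type; size_t len; } Nal; /* hypothetical, for this model */

/* Constructed sample packets: same NAL units, different order. */
static const Nal idr_then_sps[] = { { NAL_IDR, 100 }, { NAL_SPS, 30 } };
static const Nal sps_then_idr[] = { { NAL_SPS, 30 }, { NAL_IDR, 100 } };

/* One pass over a packet; returns the bytes that pass would emit.
 * Stored parameter sets (*ps_size bytes) are inserted before each IDR slice.
 * With update_in_loop set, an in-band SPS replaces the stored size mid-pass. */
static size_t one_pass(const Nal *n, size_t cnt, size_t *ps_size, int update_in_loop)
{
    size_t out = 0;
    for (size_t i = 0; i < cnt; i++) {
        if (n[i].type == NAL_SPS && update_in_loop)
            *ps_size = 4 + n[i].len;
        if (n[i].type == NAL_IDR)
            out += *ps_size;
        out += 4 + n[i].len;                  /* start code + payload */
    }
    return out;
}

/* Pre-fix shape: state mutated in pass 1 is already visible to pass 2. */
size_t overrun_buggy(const Nal *n, size_t cnt, size_t ps_size)
{
    size_t allocated = one_pass(n, cnt, &ps_size, 1);  /* pass 1: count */
    size_t written   = one_pass(n, cnt, &ps_size, 1);  /* pass 2: copy  */
    return written > allocated ? written - allocated : 0;
}

/* Post-fix shape: in-band SPS handled before the passes, so both agree. */
size_t overrun_fixed(const Nal *n, size_t cnt, size_t ps_size)
{
    for (size_t i = 0; i < cnt; i++)
        if (n[i].type == NAL_SPS) ps_size = 4 + n[i].len;
    size_t allocated = one_pass(n, cnt, &ps_size, 0);
    size_t written   = one_pass(n, cnt, &ps_size, 0);
    return written > allocated ? written - allocated : 0;
}

int main(void)
{
    printf("buggy, IDR then SPS: %zu bytes past the allocation\n",
           overrun_buggy(idr_then_sps, 2, 10));
    printf("fixed, IDR then SPS: %zu\n", overrun_fixed(idr_then_sps, 2, 10));
    return 0;
}
```

A cheap defensive check for this pattern is to compare the second pass's running offset against the first pass's total before every copy and fail the packet on mismatch.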