avformat/id3v2: Check against max compression ratio before allocation

Fixes: Timeout (>10sec -> 12ms) Fixes: 27612/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_S24BE_fuzzer-6605893000757248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-28 23:43:23 +01:00 · 2020-11-28 23:43:23 +01:00 · c48110a4a4
commit c48110a4a4
parent 7d7ae68972
1 changed files with 2 additions and 0 deletions
--- a/libavformat/id3v2.c
+++ b/libavformat/id3v2.c
@ -995,6 +995,8 @@ static void id3v2_parse(AVIOContext *pb, AVDictionary **metadata,

                    if (tlen <= 0)
                        goto seek;
+                    if (dlen / 32768 > tlen)
+                        goto seek;

                    av_fast_malloc(&uncompressed_buffer, &uncompressed_buffer_size, dlen);
                    if (!uncompressed_buffer) {