Merge pull request #2509 from mohamedchebbii/FUZZ_VIDEO

fuzz issue : check that block is not corrupted before decoding
Kevin Backhouse 2023-02-13 16:31:57 +00:00 committed by GitHub
commit b456628557
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -252,9 +252,14 @@ AsfVideo::HeaderReader::HeaderReader(BasicIo::UniquePtr& io) : IdBuf_(GUID) {
}
void AsfVideo::decodeBlock() {
Internal::enforce(GUID + io_->tell() < io_->size(), Exiv2::ErrorCode::kerCorruptedMetadata);
HeaderReader others(io_);
auto tag = GUIDReferenceTags.find(GUIDTag(others.getId().data()));
Internal::enforce(GUID + QWORD + io_->tell() <= io_->size(), Exiv2::ErrorCode::kerCorruptedMetadata);
HeaderReader objectHeader(io_);
#ifdef EXIV2_DEBUG_MESSAGES
EXV_INFO << "decodeBlock = " << GUIDTag(objectHeader.getId().data()).to_string()
<< "\tsize= " << objectHeader.getSize() << "\t " << io_->tell() << "/" << io_->size() << std::endl;
#endif
Internal::enforce(objectHeader.getSize() + io_->tell() <= io_->size(), Exiv2::ErrorCode::kerCorruptedMetadata);
auto tag = GUIDReferenceTags.find(GUIDTag(objectHeader.getId().data()));
if (tag != GUIDReferenceTags.end()) {
if (tag->second == "Header")
@ -277,11 +282,12 @@ void AsfVideo::decodeBlock() {
DegradableJPEGMedia();
else // tag found but not processed
{
io_->seekOrThrow(io_->tell() + others.getRemainingSize(), BasicIo::beg, ErrorCode::kerFailedToReadImageData);
io_->seekOrThrow(io_->tell() + objectHeader.getRemainingSize(), BasicIo::beg,
ErrorCode::kerFailedToReadImageData);
}
} else // tag not found
{
io_->seekOrThrow(io_->tell() + others.getRemainingSize(), BasicIo::beg, ErrorCode::kerFailedToReadImageData);
io_->seekOrThrow(io_->tell() + objectHeader.getRemainingSize(), BasicIo::beg, ErrorCode::kerFailedToReadImageData);
}
} // AsfVideo::decodeBlock
@ -481,7 +487,8 @@ void AsfVideo::fileProperties() {
xmpData()["Xmp.video.SendDuration"] = readQWORDTag(io_);
xmpData()["Xmp.video.Preroll"] = readQWORDTag(io_);
io_->seek(io_->tell() + DWORD + DWORD + DWORD, BasicIo::beg);
io_->seek(io_->tell() + DWORD + DWORD + DWORD,
BasicIo::beg); // ignore Flags, Minimum Data Packet Size and Maximum Data Packet Size
xmpData()["Xmp.video.MaxBitRate"] = readDWORDTag(io_);
} // AsfVideo::fileProperties
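Review bot: The new bounds check in decodeBlock, `objectHeader.getSize() + io_->tell() <= io_->size()`, adds a value taken from the file to the current offset, so it can wrap around if getSize() returns the unsigned 64-bit size field (HeaderReader is not shown here, so this is inferred from the `GUID + QWORD` read). A very large declared size would then produce a small sum and pass the check. Comparing against the remaining bytes avoids the addition: `Internal::enforce(objectHeader.getSize() <= io_->size() - io_->tell(), Exiv2::ErrorCode::kerCorruptedMetadata);`. The two `seekOrThrow(io_->tell() + objectHeader.getRemainingSize(), ...)` calls in the second hunk use the same additive form on a different quantity than the one checked, so it is worth confirming how getRemainingSize() relates to getSize(). Part of decodeBlock's body lies between the two hunks and is not visible.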