Skip to content

Commit fc922ca

Browse files
zcbenzzcbenz
authored
chore: cherry-pick fix from chromium issue 1065731 (electron#24596)
1 parent ca0241e commit fc922ca

File tree

3 files changed

+34
-1
lines changed

3 files changed

+34
-1
lines changed

patches/config.json

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,5 +19,7 @@
1919

2020
"src/electron/patches/usrsctp": "src/third_party/usrsctp/usrsctplib",
2121

22-
"src/electron/patches/pdfium": "src/third_party/pdfium"
22+
"src/electron/patches/pdfium": "src/third_party/pdfium",
23+
24+
"src/electron/patches/ffmpeg": "src/third_party/ffmpeg"
2325
}

patches/ffmpeg/.patches

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
backport_1065731.patch

patches/ffmpeg/backport_1065731.patch

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2+
From: Cheng Zhao <zcbenz@gmail.com>
3+
Date: Thu, 4 Oct 2018 14:57:02 -0700
4+
Subject: fix: check return value from avio_read()
5+
6+
[1065731] [Medium]: audio_decoder_fuzzer: Use-of-uninitialized-value in amr_read_header
7+
Backport https://chromium.googlesource.com/chromium/third_party/ffmpeg.git/+/5b967f56b6d85f62446836fc8ef64d0dcfcbda17
8+
9+
diff --git a/libavformat/amr.c b/libavformat/amr.c
10+
index 42840a50a300ff23d6ddfa56a1410770f0fdbd59..a963eb3ded78671e48d5bc36397c39281f431d21 100644
11+
--- a/libavformat/amr.c
12+
+++ b/libavformat/amr.c
13+
@@ -90,13 +90,15 @@ static int amr_read_header(AVFormatContext *s)
14+
AVStream *st;
15+
uint8_t header[9];
16+
17+
- avio_read(pb, header, 6);
18+
+ if (avio_read(pb, header, 6) != 6)
19+
+ return AVERROR_INVALIDDATA;
20+
21+
st = avformat_new_stream(s, NULL);
22+
if (!st)
23+
return AVERROR(ENOMEM);
24+
if (memcmp(header, AMR_header, 6)) {
25+
- avio_read(pb, header + 6, 3);
26+
+ if (avio_read(pb, header + 6, 3) != 3)
27+
+ return AVERROR_INVALIDDATA;
28+
if (memcmp(header, AMRWB_header, 9)) {
29+
return -1;
30+
}

0 commit comments

Comments
 (0)