| Message ID | 20201025230059.16740-4-michael@niedermayer.cc |
|---|---|
| State | New |
| Headers | show |
| Series | [FFmpeg-devel,1/4] avcodec/av1dec: Check for unset obu instead of crashing | expand |
| Context | Check | Description |
|---|---|---|
| andriy/x86_make | success | Make finished |
| andriy/x86_make_fate | success | Make fate finished |
| andriy/PPC64_make | success | Make finished |
| andriy/PPC64_make_fate | success | Make fate finished |
On 26/10/20 9:00 am, Michael Niedermayer wrote: > > Fixes: Assertion failure > Fixes: 26572/clusterfuzz-testcase-minimized-ffmpeg_dem_ARGO_BRP_fuzzer-5166735591997440 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/argo_brp.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/libavformat/argo_brp.c b/libavformat/argo_brp.c > index fdc552af14..48e0cd6aa4 100644 > --- a/libavformat/argo_brp.c > +++ b/libavformat/argo_brp.c > @@ -403,7 +403,8 @@ static int argo_brp_read_packet(AVFormatContext *s, AVPacket *pkt) > pkt->duration = ckhdr.num_samples * ckhdr.num_blocks; > pkt->pts = av_rescale_rnd(blk.start_ms, ckhdr.sample_rate, 1000, AV_ROUND_UP); > } else if (shdr->codec_id == BRP_CODEC_ID_BVID) { > - pkt->duration = av_rescale_rnd(1, st->duration, shdr->extradata.bvid.num_frames, AV_ROUND_UP); > + if (shdr->extradata.bvid.num_frames) > + pkt->duration = av_rescale_rnd(1, st->duration, shdr->extradata.bvid.num_frames, AV_ROUND_UP); > pkt->pts = blk.start_ms; > } else { > pkt->pts = blk.start_ms; > -- > 2.17.1 num_frames should never be 0. Will send fix shortly.
diff --git a/libavformat/argo_brp.c b/libavformat/argo_brp.c index fdc552af14..48e0cd6aa4 100644 --- a/libavformat/argo_brp.c +++ b/libavformat/argo_brp.c @@ -403,7 +403,8 @@ static int argo_brp_read_packet(AVFormatContext *s, AVPacket *pkt) pkt->duration = ckhdr.num_samples * ckhdr.num_blocks; pkt->pts = av_rescale_rnd(blk.start_ms, ckhdr.sample_rate, 1000, AV_ROUND_UP); } else if (shdr->codec_id == BRP_CODEC_ID_BVID) { - pkt->duration = av_rescale_rnd(1, st->duration, shdr->extradata.bvid.num_frames, AV_ROUND_UP); + if (shdr->extradata.bvid.num_frames) + pkt->duration = av_rescale_rnd(1, st->duration, shdr->extradata.bvid.num_frames, AV_ROUND_UP); pkt->pts = blk.start_ms; } else { pkt->pts = blk.start_ms;
Fixes: Assertion failure Fixes: 26572/clusterfuzz-testcase-minimized-ffmpeg_dem_ARGO_BRP_fuzzer-5166735591997440 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/argo_brp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)