| Message ID | 20201123004304.23464-3-michael@niedermayer.cc |
|---|---|
| State | New |
| Headers | show |
| Series | [FFmpeg-devel,1/6] avcodec/vp9dsp_template: Fix integer overflows in itxfm_wrapper | expand |
| Context | Check | Description |
|---|---|---|
| andriy/x86_make | success | Make finished |
| andriy/x86_make_fate | success | Make fate finished |
On Mon, Nov 23, 2020 at 01:43:01AM +0100, Michael Niedermayer wrote: > Fixes: Assertion c > 0 failed at libavutil/mathematics.c > Fixes: 27001/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5726041328582656 > Fixes: 27453/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5716060384526336 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/vividas.c | 2 ++ > 1 file changed, 2 insertions(+) will apply [...]
diff --git a/libavformat/vividas.c b/libavformat/vividas.c index 4adc125439..96e0631b06 100644 --- a/libavformat/vividas.c +++ b/libavformat/vividas.c @@ -373,6 +373,8 @@ static int track_header(VividasDemuxContext *viv, AVFormatContext *s, uint8_t * avio_rl16(pb); //codec_subid st->codecpar->channels = avio_rl16(pb); // channels st->codecpar->sample_rate = avio_rl32(pb); // sample_rate + if (st->codecpar->sample_rate <= 0) + return AVERROR_INVALIDDATA; avio_seek(pb, 10, SEEK_CUR); // data_1 q = avio_r8(pb); avio_seek(pb, q, SEEK_CUR); // data_2
Fixes: Assertion c > 0 failed at libavutil/mathematics.c Fixes: 27001/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5726041328582656 Fixes: 27453/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5716060384526336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/vividas.c | 2 ++ 1 file changed, 2 insertions(+)