diff mbox

[FFmpeg-devel,1/3] avcodec/ffwavesynth: Check sample rate before use

Message ID 20190714223549.25904-1-michael@niedermayer.cc
State Accepted
Commit c95857a4237d7a0c55378a44f51d2d809f3bc8f5
Headers show

Commit Message

Michael Niedermayer July 14, 2019, 10:35 p.m. UTC 
Fixes: division by zero
Fixes: 15725/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5641231956180992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/ffwavesynth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Nicolas George July 19, 2019, 12:54 p.m. UTC | #1 
Michael Niedermayer (12019-07-15):
> Fixes: division by zero
> Fixes: 15725/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5641231956180992
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/ffwavesynth.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

All three patches look good to me. Thanks for fixing it.

Regards,
Michael Niedermayer July 20, 2019, 7:11 a.m. UTC | #2 
On Fri, Jul 19, 2019 at 02:54:15PM +0200, Nicolas George wrote:
> Michael Niedermayer (12019-07-15):
> > Fixes: division by zero
> > Fixes: 15725/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5641231956180992
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/ffwavesynth.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> All three patches look good to me. Thanks for fixing it.

will apply

thanks

[...]
diff mbox

Patch

diff --git a/libavcodec/ffwavesynth.c b/libavcodec/ffwavesynth.c
index 793eada7a5..1dbfaa5847 100644
--- a/libavcodec/ffwavesynth.c
+++ b/libavcodec/ffwavesynth.c
@@ -270,7 +270,7 @@  static int wavesynth_parse_extradata(AVCodecContext *avc)
         dt = in->ts_end - in->ts_start;
         switch (in->type) {
             case WS_SINE:
-                if (edata_end - edata < 20)
+                if (edata_end - edata < 20 || avc->sample_rate <= 0)
                     return AVERROR(EINVAL);
                 f1  = AV_RL32(edata +  0);
                 f2  = AV_RL32(edata +  4);