
[FFmpeg-devel,03/12] avcodec/fitsdec: Prevent division by 0 with huge data_max

Message ID 20190925203858.27870-3-michael@niedermayer.cc
State Accepted
Commit cfa193779103c97bbfc28273a0ab12c114b6786d

Commit Message

Michael Niedermayer Sept. 25, 2019, 8:38 p.m. UTC
Fixes: division by 0
Fixes: 15657/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5738154838982656

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/fitsdec.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

Comments

Paul B Mahol Sept. 26, 2019, 7:52 a.m. UTC | #1
lgtm

On 9/25/19, Michael Niedermayer <michael@niedermayer.cc> wrote:
> Fixes: division by 0
> Fixes:
> 15657/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5738154838982656
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/fitsdec.c | 9 ++++++++-
>  1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/libavcodec/fitsdec.c b/libavcodec/fitsdec.c
> index 4f452422ef..88b841a964 100644
> --- a/libavcodec/fitsdec.c
> +++ b/libavcodec/fitsdec.c
> @@ -195,6 +195,7 @@ static int fits_decode_frame(AVCodecContext *avctx, void
> *data, int *got_frame,
>      uint8_t *dst8;
>      uint16_t *dst16;
>      uint64_t t;
> +    double scale;
>      FITSHeader header;
>      FITSContext * fitsctx = avctx->priv_data;
>
> @@ -204,6 +205,12 @@ static int fits_decode_frame(AVCodecContext *avctx,
> void *data, int *got_frame,
>      if (ret < 0)
>          return ret;
>
> +    scale = header.data_max - header.data_min;
> +    if (scale <= 0 || !isfinite(scale)) {
> +        scale = 1;
> +    }
> +    scale = 1/scale;
> +
>      if (header.rgb) {
>          if (header.bitpix == 8) {
>              if (header.naxisn[2] == 3) {
> @@ -272,7 +279,7 @@ static int fits_decode_frame(AVCodecContext *avctx, void
> *data, int *got_frame,
>              for (j = 0; j < avctx->width; j++) { \
>                  t = rd; \
>                  if (!header.blank_found || t != header.blank) { \
> -                    *dst++ = ((t - header.data_min) * ((1 << (sizeof(type)
> * 8)) - 1)) / (header.data_max - header.data_min); \
> +                    *dst++ = ((t - header.data_min) * ((1 << (sizeof(type)
> * 8)) - 1)) * scale; \
>                  } else { \
>                      *dst++ = fitsctx->blank_val; \
>                  } \
> --
> 2.23.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
Michael Niedermayer Sept. 26, 2019, 6:32 p.m. UTC | #2
On Thu, Sep 26, 2019 at 09:52:48AM +0200, Paul B Mahol wrote:
> lgtm

will apply

thx

[...]

Patch

diff --git a/libavcodec/fitsdec.c b/libavcodec/fitsdec.c
index 4f452422ef..88b841a964 100644
--- a/libavcodec/fitsdec.c
+++ b/libavcodec/fitsdec.c
@@ -195,6 +195,7 @@  static int fits_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
     uint8_t *dst8;
     uint16_t *dst16;
     uint64_t t;
+    double scale;
     FITSHeader header;
     FITSContext * fitsctx = avctx->priv_data;
 
@@ -204,6 +205,12 @@  static int fits_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
     if (ret < 0)
         return ret;
 
+    scale = header.data_max - header.data_min;
+    if (scale <= 0 || !isfinite(scale)) {
+        scale = 1;
+    }
+    scale = 1/scale;
+
     if (header.rgb) {
         if (header.bitpix == 8) {
             if (header.naxisn[2] == 3) {
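Review bot: The guard on `scale` tests the difference but not its reciprocal, so a positive subnormal `header.data_max - header.data_min` passes `scale <= 0 || !isfinite(scale)` and `1/scale` then overflows to infinity before it reaches the pixel multiply. This assumes data_min and data_max are doubles taken from the file header, which the hunk does not show. Keeping the `scale <= 0` test and re-checking after the division covers both ends: `scale = 1/scale;` followed by `if (!isfinite(scale)) scale = 1;`. The fallback to 1 is also silent, so a short comment such as `/* empty, inverted or non-finite range in the header: use unit scale */` would record that it is deliberate. The body of fits_decode_frame starts and ends outside this hunk.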
@@ -272,7 +279,7 @@  static int fits_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
             for (j = 0; j < avctx->width; j++) { \
                 t = rd; \
                 if (!header.blank_found || t != header.blank) { \
-                    *dst++ = ((t - header.data_min) * ((1 << (sizeof(type) * 8)) - 1)) / (header.data_max - header.data_min); \
+                    *dst++ = ((t - header.data_min) * ((1 << (sizeof(type) * 8)) - 1)) * scale; \
                 } else { \
                     *dst++ = fitsctx->blank_val; \
                 } \
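Review bot: The product on the added line is stored straight into `*dst++` with nothing in the hunk bounding it to the destination type, and converting an out-of-range floating-point value to an integer type is undefined behaviour in C. With the fallback `scale` of 1, or a sample `t` outside the header's data_min..data_max, the value can be negative or exceed `(1 << (sizeof(type) * 8)) - 1`; this assumes data_min is floating-point, as the isfinite() check in the earlier hunk suggests. Clamping before the store would close this, for example `*dst++ = av_clipd(((t - header.data_min) * ((1 << (sizeof(type) * 8)) - 1)) * scale, 0, (1 << (sizeof(type) * 8)) - 1); \`. The enclosing macro and fits_decode_frame both extend outside the hunk, so a range check may already exist elsewhere.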