diff mbox

[FFmpeg-devel,4/4] avcodec/wmadec: Check block_align

Message ID 20191018221924.677-4-michael@niedermayer.cc
State New
Headers show

Commit Message

Michael Niedermayer Oct. 18, 2019, 10:19 p.m. UTC 
Fixes: null pointer dereference
Fixes: 18326/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAV2_fuzzer-5071752362721280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/wmadec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox

Patch

diff --git a/libavcodec/wmadec.c b/libavcodec/wmadec.c
index 78b51e5871..a2ea930350 100644
--- a/libavcodec/wmadec.c
+++ b/libavcodec/wmadec.c
@@ -822,7 +822,7 @@  static int wma_decode_superframe(AVCodecContext *avctx, void *data,
         s->last_superframe_len = 0;
         return 0;
     }
-    if (buf_size < avctx->block_align) {
+    if (buf_size < avctx->block_align || avctx->block_align < 0) {
         av_log(avctx, AV_LOG_ERROR,
                "Input packet size too small (%d < %d)\n",
                buf_size, avctx->block_align);