diff mbox

[FFmpeg-devel,3/8] avcodec/utils: Check block_align

Message ID 20191031175830.24895-3-michael@niedermayer.cc
State Accepted
Commit f011572e66c8dd2f0ac3cb147a769e91f24e0202
Headers show

Commit Message

Michael Niedermayer Oct. 31, 2019, 5:58 p.m. UTC 
Fixes: out of array access
Fixes: 18432/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAV2_fuzzer-5675574936207360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/utils.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Paul B Mahol Nov. 1, 2019, 8:26 a.m. UTC | #1 
LGTM

On 10/31/19, Michael Niedermayer <michael@niedermayer.cc> wrote:
> Fixes: out of array access
> Fixes:
> 18432/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAV2_fuzzer-5675574936207360
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/utils.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/libavcodec/utils.c b/libavcodec/utils.c
> index 6cc770b1ea..75e7035b8a 100644
> --- a/libavcodec/utils.c
> +++ b/libavcodec/utils.c
> @@ -694,6 +694,11 @@ int attribute_align_arg avcodec_open2(AVCodecContext
> *avctx, const AVCodec *code
>          ret = AVERROR(EINVAL);
>          goto free_and_end;
>      }
> +    if (avctx->block_align < 0) {
> +        av_log(avctx, AV_LOG_ERROR, "Invalid block align: %d\n",
> avctx->block_align);
> +        ret = AVERROR(EINVAL);
> +        goto free_and_end;
> +    }
>
>      avctx->codec = codec;
>      if ((avctx->codec_type == AVMEDIA_TYPE_UNKNOWN || avctx->codec_type ==
> codec->type) &&
> --
> 2.23.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
Michael Niedermayer Nov. 1, 2019, 1:45 p.m. UTC | #2 
On Fri, Nov 01, 2019 at 09:26:52AM +0100, Paul B Mahol wrote:
> LGTM

will apply

thx

[...]
diff mbox

Patch

diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 6cc770b1ea..75e7035b8a 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -694,6 +694,11 @@  int attribute_align_arg avcodec_open2(AVCodecContext *avctx, const AVCodec *code
         ret = AVERROR(EINVAL);
         goto free_and_end;
     }
+    if (avctx->block_align < 0) {
+        av_log(avctx, AV_LOG_ERROR, "Invalid block align: %d\n", avctx->block_align);
+        ret = AVERROR(EINVAL);
+        goto free_and_end;
+    }
 
     avctx->codec = codec;
     if ((avctx->codec_type == AVMEDIA_TYPE_UNKNOWN || avctx->codec_type == codec->type) &&