Message ID | 20191031175830.24895-3-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | f011572e66c8dd2f0ac3cb147a769e91f24e0202 |
Headers | show |
LGTM On 10/31/19, Michael Niedermayer <michael@niedermayer.cc> wrote: > Fixes: out of array access > Fixes: > 18432/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAV2_fuzzer-5675574936207360 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/utils.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/libavcodec/utils.c b/libavcodec/utils.c > index 6cc770b1ea..75e7035b8a 100644 > --- a/libavcodec/utils.c > +++ b/libavcodec/utils.c > @@ -694,6 +694,11 @@ int attribute_align_arg avcodec_open2(AVCodecContext > *avctx, const AVCodec *code > ret = AVERROR(EINVAL); > goto free_and_end; > } > + if (avctx->block_align < 0) { > + av_log(avctx, AV_LOG_ERROR, "Invalid block align: %d\n", > avctx->block_align); > + ret = AVERROR(EINVAL); > + goto free_and_end; > + } > > avctx->codec = codec; > if ((avctx->codec_type == AVMEDIA_TYPE_UNKNOWN || avctx->codec_type == > codec->type) && > -- > 2.23.0 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
On Fri, Nov 01, 2019 at 09:26:52AM +0100, Paul B Mahol wrote:
> LGTM
will apply
thx
[...]
diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 6cc770b1ea..75e7035b8a 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -694,6 +694,11 @@ int attribute_align_arg avcodec_open2(AVCodecContext *avctx, const AVCodec *code ret = AVERROR(EINVAL); goto free_and_end; } + if (avctx->block_align < 0) { + av_log(avctx, AV_LOG_ERROR, "Invalid block align: %d\n", avctx->block_align); + ret = AVERROR(EINVAL); + goto free_and_end; + } avctx->codec = codec; if ((avctx->codec_type == AVMEDIA_TYPE_UNKNOWN || avctx->codec_type == codec->type) &&
Fixes: out of array access Fixes: 18432/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAV2_fuzzer-5675574936207360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/utils.c | 5 +++++ 1 file changed, 5 insertions(+)