| Message ID | 20191105232224.13680-1-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | 3e5a528bbe85a3a00640bc2739c11ee07eb05485 |
| Headers | show |
On Wed, Nov 06, 2019 at 12:22:20AM +0100, Michael Niedermayer wrote: > The decoder hardcodes that audio is stream_id = 1 so it does not > currently work with more or less than 1 video stream at st=0 > > Fixes: assertion failure > Fixes: 18602/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6259277199310848 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/vividas.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) will apply patchset [...]
diff --git a/libavformat/vividas.c b/libavformat/vividas.c index efe1b8deff..e4255fd5cc 100644 --- a/libavformat/vividas.c +++ b/libavformat/vividas.c @@ -309,8 +309,10 @@ static int track_header(VividasDemuxContext *viv, AVFormatContext *s, uint8_t * num_video = avio_r8(pb); avio_seek(pb, off, SEEK_SET); - if (num_video != 1) - av_log(s, AV_LOG_WARNING, "number of video tracks %d is not 1\n", num_video); + if (num_video != 1) { + av_log(s, AV_LOG_ERROR, "number of video tracks %d is not 1\n", num_video); + return AVERROR_PATCHWELCOME; + } for (i = 0; i < num_video; i++) { AVStream *st = avformat_new_stream(s, NULL);
The decoder hardcodes that audio is stream_id = 1 so it does not currently work with more or less than 1 video stream at st=0 Fixes: assertion failure Fixes: 18602/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6259277199310848 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/vividas.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)