diff mbox series

[FFmpeg-devel,1/2] avcodec/wmalosslessdec: move channel check up

Message ID 20200115002108.25753-1-michael@niedermayer.cc
State New
Headers show
Series [FFmpeg-devel,1/2] avcodec/wmalosslessdec: move channel check up | expand

Checks

Context Check Description
andriy/ffmpeg-patchwork success Make fate finished

Commit Message

Michael Niedermayer Jan. 15, 2020, 12:21 a.m. UTC
Fixes: out of array access
Fixes: 2nd part of 18429/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-6210814364614656

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/wmalosslessdec.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

Comments

Andreas Rheinhardt Jan. 15, 2020, 1:33 a.m. UTC | #1
On Wed, Jan 15, 2020 at 1:25 AM Michael Niedermayer <michael@niedermayer.cc>
wrote:

> Fixes: out of array access
> Fixes: 2nd part of
> 18429/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-6210814364614656
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by
> <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>:
> Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/wmalosslessdec.c | 20 ++++++++++----------
>  1 file changed, 10 insertions(+), 10 deletions(-)
>
> diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c
> index d2f9d4a70f..2b97c2a848 100644
> --- a/libavcodec/wmalosslessdec.c
> +++ b/libavcodec/wmalosslessdec.c
> @@ -189,6 +189,16 @@ static av_cold int decode_init(AVCodecContext *avctx)
>          return AVERROR(EINVAL);
>      }
>
> +    if (avctx->channels < 0) {
> +        av_log(avctx, AV_LOG_ERROR, "invalid number of channels %d\n",
> +               avctx->channels);
> +        return AVERROR_INVALIDDATA;
> +    } else if (avctx->channels > WMALL_MAX_CHANNELS) {
> +        avpriv_request_sample(avctx,
> +                              "More than %d channels",
> WMALL_MAX_CHANNELS);
>

This looks like it could benefit from AV_STRINGIFY. LGTM apart from that.

- Andreas
Michael Niedermayer Jan. 15, 2020, 12:12 p.m. UTC | #2
On Wed, Jan 15, 2020 at 02:33:28AM +0100, Andreas Rheinhardt wrote:
> On Wed, Jan 15, 2020 at 1:25 AM Michael Niedermayer <michael@niedermayer.cc>
> wrote:
> 
> > Fixes: out of array access
> > Fixes: 2nd part of
> > 18429/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-6210814364614656
> >
> > Found-by: continuous fuzzing process
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by
> > <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>:
> > Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/wmalosslessdec.c | 20 ++++++++++----------
> >  1 file changed, 10 insertions(+), 10 deletions(-)
> >
> > diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c
> > index d2f9d4a70f..2b97c2a848 100644
> > --- a/libavcodec/wmalosslessdec.c
> > +++ b/libavcodec/wmalosslessdec.c
> > @@ -189,6 +189,16 @@ static av_cold int decode_init(AVCodecContext *avctx)
> >          return AVERROR(EINVAL);
> >      }
> >
> > +    if (avctx->channels < 0) {
> > +        av_log(avctx, AV_LOG_ERROR, "invalid number of channels %d\n",
> > +               avctx->channels);
> > +        return AVERROR_INVALIDDATA;
> > +    } else if (avctx->channels > WMALL_MAX_CHANNELS) {
> > +        avpriv_request_sample(avctx,
> > +                              "More than %d channels",
> > WMALL_MAX_CHANNELS);
> >
> 
> This looks like it could benefit from AV_STRINGIFY. LGTM apart from that.

will apply with a AV_STRINGIFY patch

thanks

[...]
diff mbox series

Patch

diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c
index d2f9d4a70f..2b97c2a848 100644
--- a/libavcodec/wmalosslessdec.c
+++ b/libavcodec/wmalosslessdec.c
@@ -189,6 +189,16 @@  static av_cold int decode_init(AVCodecContext *avctx)
         return AVERROR(EINVAL);
     }
 
+    if (avctx->channels < 0) {
+        av_log(avctx, AV_LOG_ERROR, "invalid number of channels %d\n",
+               avctx->channels);
+        return AVERROR_INVALIDDATA;
+    } else if (avctx->channels > WMALL_MAX_CHANNELS) {
+        avpriv_request_sample(avctx,
+                              "More than %d channels", WMALL_MAX_CHANNELS);
+        return AVERROR_PATCHWELCOME;
+    }
+
     s->max_frame_size = MAX_FRAMESIZE * avctx->channels;
     s->frame_data = av_mallocz(s->max_frame_size + AV_INPUT_BUFFER_PADDING_SIZE);
     if (!s->frame_data)
@@ -267,16 +277,6 @@  static av_cold int decode_init(AVCodecContext *avctx)
                 ++s->lfe_channel;
     }
 
-    if (s->num_channels < 0) {
-        av_log(avctx, AV_LOG_ERROR, "invalid number of channels %"PRId8"\n",
-               s->num_channels);
-        return AVERROR_INVALIDDATA;
-    } else if (s->num_channels > WMALL_MAX_CHANNELS) {
-        avpriv_request_sample(avctx,
-                              "More than %d channels", WMALL_MAX_CHANNELS);
-        return AVERROR_PATCHWELCOME;
-    }
-
     s->frame = av_frame_alloc();
     if (!s->frame)
         return AVERROR(ENOMEM);