diff mbox series

[FFmpeg-devel,2/2] avcodec/dstdec: Check sample rate

Message ID 20200213222456.26522-2-michael@niedermayer.cc
State New
Headers show
Series [FFmpeg-devel,1/2] avcodec/dstdec: Use local channels variable
Related show

Checks

Context Check Description
andriy/ffmpeg-patchwork pending
andriy/ffmpeg-patchwork success Applied patch
andriy/ffmpeg-patchwork success Configure finished
andriy/ffmpeg-patchwork success Make finished
andriy/ffmpeg-patchwork success Make fate finished

Commit Message

Michael Niedermayer Feb. 13, 2020, 10:24 p.m. UTC
Fixes: out of array access
Fixes: 20659/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5735812071424000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/dstdec.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Paul B Mahol Feb. 14, 2020, 3:36 p.m. UTC | #1
LGTM

On 2/13/20, Michael Niedermayer <michael@niedermayer.cc> wrote:
> Fixes: out of array access
> Fixes:
> 20659/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5735812071424000
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/dstdec.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/libavcodec/dstdec.c b/libavcodec/dstdec.c
> index bdabced823..0505d3fde5 100644
> --- a/libavcodec/dstdec.c
> +++ b/libavcodec/dstdec.c
> @@ -86,6 +86,11 @@ static av_cold int decode_init(AVCodecContext *avctx)
>          return AVERROR_PATCHWELCOME;
>      }
>
> +    if (DST_SAMPLES_PER_FRAME(avctx->sample_rate) & 7) {
> +        avpriv_request_sample(avctx, "sample rate %d", avctx->sample_rate);
> +        return AVERROR_PATCHWELCOME;
> +    }
> +
>      avctx->sample_fmt = AV_SAMPLE_FMT_FLT;
>
>      for (i = 0; i < avctx->channels; i++)
> --
> 2.17.1
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
Paul B Mahol Feb. 14, 2020, 3:36 p.m. UTC | #2
LGTM

On 2/13/20, Michael Niedermayer <michael@niedermayer.cc> wrote:
> Fixes: out of array access
> Fixes:
> 20659/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5735812071424000
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/dstdec.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/libavcodec/dstdec.c b/libavcodec/dstdec.c
> index bdabced823..0505d3fde5 100644
> --- a/libavcodec/dstdec.c
> +++ b/libavcodec/dstdec.c
> @@ -86,6 +86,11 @@ static av_cold int decode_init(AVCodecContext *avctx)
>          return AVERROR_PATCHWELCOME;
>      }
>
> +    if (DST_SAMPLES_PER_FRAME(avctx->sample_rate) & 7) {
> +        avpriv_request_sample(avctx, "sample rate %d", avctx->sample_rate);
> +        return AVERROR_PATCHWELCOME;
> +    }
> +
>      avctx->sample_fmt = AV_SAMPLE_FMT_FLT;
>
>      for (i = 0; i < avctx->channels; i++)
> --
> 2.17.1
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
Paul B Mahol Feb. 14, 2020, 3:37 p.m. UTC | #3
Actually I'm pretty sure log message is not needed as not power of 8
is simply not possible.

On 2/14/20, Paul B Mahol <onemda@gmail.com> wrote:
> LGTM
>
> On 2/13/20, Michael Niedermayer <michael@niedermayer.cc> wrote:
>> Fixes: out of array access
>> Fixes:
>> 20659/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5735812071424000
>>
>> Found-by: continuous fuzzing process
>> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
>> ---
>>  libavcodec/dstdec.c | 5 +++++
>>  1 file changed, 5 insertions(+)
>>
>> diff --git a/libavcodec/dstdec.c b/libavcodec/dstdec.c
>> index bdabced823..0505d3fde5 100644
>> --- a/libavcodec/dstdec.c
>> +++ b/libavcodec/dstdec.c
>> @@ -86,6 +86,11 @@ static av_cold int decode_init(AVCodecContext *avctx)
>>          return AVERROR_PATCHWELCOME;
>>      }
>>
>> +    if (DST_SAMPLES_PER_FRAME(avctx->sample_rate) & 7) {
>> +        avpriv_request_sample(avctx, "sample rate %d",
>> avctx->sample_rate);
>> +        return AVERROR_PATCHWELCOME;
>> +    }
>> +
>>      avctx->sample_fmt = AV_SAMPLE_FMT_FLT;
>>
>>      for (i = 0; i < avctx->channels; i++)
>> --
>> 2.17.1
>>
>> _______________________________________________
>> ffmpeg-devel mailing list
>> ffmpeg-devel@ffmpeg.org
>> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>>
>> To unsubscribe, visit link above, or email
>> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
>
Michael Niedermayer May 10, 2020, 7:41 a.m. UTC | #4
On Fri, Feb 14, 2020 at 04:37:32PM +0100, Paul B Mahol wrote:
> Actually I'm pretty sure log message is not needed as not power of 8
> is simply not possible.

ok, will apply without the log message

thx

[...]
diff mbox series

Patch

diff --git a/libavcodec/dstdec.c b/libavcodec/dstdec.c
index bdabced823..0505d3fde5 100644
--- a/libavcodec/dstdec.c
+++ b/libavcodec/dstdec.c
@@ -86,6 +86,11 @@  static av_cold int decode_init(AVCodecContext *avctx)
         return AVERROR_PATCHWELCOME;
     }
 
+    if (DST_SAMPLES_PER_FRAME(avctx->sample_rate) & 7) {
+        avpriv_request_sample(avctx, "sample rate %d", avctx->sample_rate);
+        return AVERROR_PATCHWELCOME;
+    }
+
     avctx->sample_fmt = AV_SAMPLE_FMT_FLT;
 
     for (i = 0; i < avctx->channels; i++)