diff mbox series

[FFmpeg-devel,3/3] avcodec/pnm: Check scale

Message ID 20200606160347.16805-3-michael@niedermayer.cc
State Accepted
Commit 8e21379da110ca78f41ff2fe074fd771a1bcd1d0
Series [FFmpeg-devel,1/3] avcodec/cbs_h265_syntax_template: Check inter_ref_pic_set_prediction_flag

Checks

Context Check Description
andriy/default pending
andriy/make success Make finished
andriy/make_fate success Make fate finished

Commit Message

Michael Niedermayer June 6, 2020, 4:03 p.m. UTC
Fixes: division by zero
Fixes: 22974/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PFM_fuzzer-6270027077779456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/pnm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Michael Niedermayer June 8, 2020, 6:44 p.m. UTC | #1
On Sat, Jun 06, 2020 at 06:03:47PM +0200, Michael Niedermayer wrote:
> Fixes: division by zero
> Fixes: 22974/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PFM_fuzzer-6270027077779456
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/pnm.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

will apply

[...]

Patch

diff --git a/libavcodec/pnm.c b/libavcodec/pnm.c
index a6ae01b494..aad23c7ae2 100644
--- a/libavcodec/pnm.c
+++ b/libavcodec/pnm.c
@@ -179,7 +179,7 @@  int ff_pnm_decode_header(AVCodecContext *avctx, PNMContext * const s)
 
     if (avctx->pix_fmt == AV_PIX_FMT_GBRPF32) {
         pnm_get(s, buf1, sizeof(buf1));
-        if (av_sscanf(buf1, "%f", &s->scale) != 1) {
+        if (av_sscanf(buf1, "%f", &s->scale) != 1 || s->scale == 0.0 || !isfinite(s->scale)) {
             av_log(avctx, AV_LOG_ERROR, "Invalid scale.\n");
             return AVERROR_INVALIDDATA;
         }
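Review bot: the added `!isfinite(s->scale)` test in the `av_sscanf` condition needs `isfinite` to be declared, and the diffstat shows a single changed line with no new `#include`, so confirm that `libavcodec/pnm.c` already gets `<math.h>` directly or through a header it includes. The commit message says this fixes a division by zero, but the division is not visible in this hunk. A one-line comment above the check noting that `s->scale` is later used as a divisor would explain why zero and non-finite values are rejected at header parse time. The condition is also long enough that splitting it across two lines would help readability.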