| Message ID | 20200906225704.22608-1-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | 39a98623edbbdcf9d9b76e9d7aff3ce086ebfbfe |
| Headers | show |
| Series | [FFmpeg-devel] avformat/electronicarts: Check if there are any streams | expand |
| Context | Check | Description |
|---|---|---|
| andriy/default | pending | |
| andriy/make | success | Make finished |
| andriy/make_fate | success | Make fate finished |
On 9/6/2020 7:57 PM, Michael Niedermayer wrote: > Fixes: Assertion failure (invalid stream index) > Fixes: 25120/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6565251898933248 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/electronicarts.c | 14 ++++++++------ > 1 file changed, 8 insertions(+), 6 deletions(-) > > diff --git a/libavformat/electronicarts.c b/libavformat/electronicarts.c > index 2ee5e1b6fa..6976a133c3 100644 > --- a/libavformat/electronicarts.c > +++ b/libavformat/electronicarts.c > @@ -530,20 +530,17 @@ static int ea_read_header(AVFormatContext *s) > if (ea->num_channels <= 0 || ea->num_channels > 2) { > av_log(s, AV_LOG_WARNING, > "Unsupported number of channels: %d\n", ea->num_channels); > - ea->audio_codec = 0; > - return 1; > + goto no_audio; > } > if (ea->sample_rate <= 0) { > av_log(s, AV_LOG_ERROR, > "Unsupported sample rate: %d\n", ea->sample_rate); > - ea->audio_codec = 0; > - return 1; > + goto no_audio; > } > if (ea->bytes <= 0 || ea->bytes > 2) { > av_log(s, AV_LOG_ERROR, > "Invalid number of bytes per sample: %d\n", ea->bytes); > - ea->audio_codec = AV_CODEC_ID_NONE; > - return 1; > + goto no_audio; > } > > /* initialize the audio decoder stream */ > @@ -564,8 +561,13 @@ static int ea_read_header(AVFormatContext *s) > st->codecpar->bits_per_coded_sample; > ea->audio_stream_index = st->index; > st->start_time = 0; > + return 1; fwiw, return value for AVInputFormat.read_header() should be 0 for success, < 0 for failure (Mind, while > 0 is not defined, it's currently treated like 0). > } > +no_audio: > + ea->audio_codec = AV_CODEC_ID_NONE; > > + if (!ea->video.codec) > + return AVERROR_INVALIDDATA; > return 1; > } > >
On Sun, Sep 06, 2020 at 08:50:02PM -0300, James Almer wrote: > On 9/6/2020 7:57 PM, Michael Niedermayer wrote: > > Fixes: Assertion failure (invalid stream index) > > Fixes: 25120/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6565251898933248 > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavformat/electronicarts.c | 14 ++++++++------ > > 1 file changed, 8 insertions(+), 6 deletions(-) > > > > diff --git a/libavformat/electronicarts.c b/libavformat/electronicarts.c > > index 2ee5e1b6fa..6976a133c3 100644 > > --- a/libavformat/electronicarts.c > > +++ b/libavformat/electronicarts.c > > @@ -530,20 +530,17 @@ static int ea_read_header(AVFormatContext *s) > > if (ea->num_channels <= 0 || ea->num_channels > 2) { > > av_log(s, AV_LOG_WARNING, > > "Unsupported number of channels: %d\n", ea->num_channels); > > - ea->audio_codec = 0; > > - return 1; > > + goto no_audio; > > } > > if (ea->sample_rate <= 0) { > > av_log(s, AV_LOG_ERROR, > > "Unsupported sample rate: %d\n", ea->sample_rate); > > - ea->audio_codec = 0; > > - return 1; > > + goto no_audio; > > } > > if (ea->bytes <= 0 || ea->bytes > 2) { > > av_log(s, AV_LOG_ERROR, > > "Invalid number of bytes per sample: %d\n", ea->bytes); > > - ea->audio_codec = AV_CODEC_ID_NONE; > > - return 1; > > + goto no_audio; > > } > > > > /* initialize the audio decoder stream */ > > @@ -564,8 +561,13 @@ static int ea_read_header(AVFormatContext *s) > > st->codecpar->bits_per_coded_sample; > > ea->audio_stream_index = st->index; > > st->start_time = 0; > > + return 1; > > fwiw, return value for AVInputFormat.read_header() should be 0 for > success, < 0 for failure (Mind, while > 0 is not defined, it's currently > treated like 0). indeed, this is just for the internal function pointer though, doesnt affect the user API visible one. But ill fix this. Will do it in a seperate comit as this is unrelated to this patch, this just moved some of the return 1 around. thx [...]
diff --git a/libavformat/electronicarts.c b/libavformat/electronicarts.c index 2ee5e1b6fa..6976a133c3 100644 --- a/libavformat/electronicarts.c +++ b/libavformat/electronicarts.c @@ -530,20 +530,17 @@ static int ea_read_header(AVFormatContext *s) if (ea->num_channels <= 0 || ea->num_channels > 2) { av_log(s, AV_LOG_WARNING, "Unsupported number of channels: %d\n", ea->num_channels); - ea->audio_codec = 0; - return 1; + goto no_audio; } if (ea->sample_rate <= 0) { av_log(s, AV_LOG_ERROR, "Unsupported sample rate: %d\n", ea->sample_rate); - ea->audio_codec = 0; - return 1; + goto no_audio; } if (ea->bytes <= 0 || ea->bytes > 2) { av_log(s, AV_LOG_ERROR, "Invalid number of bytes per sample: %d\n", ea->bytes); - ea->audio_codec = AV_CODEC_ID_NONE; - return 1; + goto no_audio; } /* initialize the audio decoder stream */ @@ -564,8 +561,13 @@ static int ea_read_header(AVFormatContext *s) st->codecpar->bits_per_coded_sample; ea->audio_stream_index = st->index; st->start_time = 0; + return 1; } +no_audio: + ea->audio_codec = AV_CODEC_ID_NONE; + if (!ea->video.codec) + return AVERROR_INVALIDDATA; return 1; }
Fixes: Assertion failure (invalid stream index) Fixes: 25120/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6565251898933248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/electronicarts.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-)