| Message ID | 20201102122041.2803-1-zane@zanevaniperen.com |
|---|---|
| State | Accepted |
| Commit | 5fb628521faaf36cc284618db099d78c107ac6b5 |
| Headers | show |
| Series | [FFmpeg-devel] avformat/argo_brp: bail if no video frames | expand |
| Context | Check | Description |
|---|---|---|
| andriy/x86_make | success | Make finished |
| andriy/x86_make_fate | success | Make fate finished |
| andriy/PPC64_make | success | Make finished |
| andriy/PPC64_make_fate | success | Make fate finished |
On Mon, Nov 02, 2020 at 12:21:03PM +0000, Zane van Iperen wrote: > Fixes: Assertion failure > Fixes: 26572/clusterfuzz-testcase-minimized-ffmpeg_dem_ARGO_BRP_fuzzer-5166735591997440 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Zane van Iperen <zane@zanevaniperen.com> > --- > libavformat/argo_brp.c | 3 +++ > 1 file changed, 3 insertions(+) LGTM thx [...]
diff --git a/libavformat/argo_brp.c b/libavformat/argo_brp.c index fdc552af14..766d4fd261 100644 --- a/libavformat/argo_brp.c +++ b/libavformat/argo_brp.c @@ -218,6 +218,9 @@ static int argo_brp_read_header(AVFormatContext *s) bvid->height = AV_RL32(buf + 8); bvid->depth = AV_RL32(buf + 12); + if (bvid->num_frames == 0) + return AVERROR_INVALIDDATA; + /* These are from 1990's games, sanity check this. */ if (bvid->width >= 65536 || bvid->height >= 65536 || bvid->depth > 24 || bvid->depth % 8 != 0) {
Fixes: Assertion failure Fixes: 26572/clusterfuzz-testcase-minimized-ffmpeg_dem_ARGO_BRP_fuzzer-5166735591997440 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Zane van Iperen <zane@zanevaniperen.com> --- libavformat/argo_brp.c | 3 +++ 1 file changed, 3 insertions(+)