Message ID | 20210419182346.4445-6-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 7a403da0cb8e5fe308fe307b7ed219110f7021e0 |
Series | [FFmpeg-devel,1/9] avformat/utils: check dts/duration to be representable before using them |
Context | Check | Description |
---|---|---|
andriy/x86_make | success | Make finished |
andriy/x86_make_fate | success | Make fate finished |
andriy/PPC64_make | success | Make finished |
andriy/PPC64_make_fate | success | Make fate finished |
On Mon, Apr 19, 2021 at 08:23:43PM +0200, Michael Niedermayer wrote: > Fixes: null pointer dereference > Fixes: 33172/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_WS_fuzzer-5200164273913856 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/adpcm.c | 2 ++ > 1 file changed, 2 insertions(+) will apply [...]
Michael Niedermayer: > Fixes: null pointer dereference > Fixes: 33172/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_WS_fuzzer-5200164273913856 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/adpcm.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c > index be14607eac..2deefeb651 100644 > --- a/libavcodec/adpcm.c > +++ b/libavcodec/adpcm.c > @@ -191,6 +191,8 @@ static av_cold int adpcm_decode_init(AVCodecContext * avctx) > avctx->sample_fmt = AV_SAMPLE_FMT_S16P; > break; > case AV_CODEC_ID_ADPCM_IMA_WS: > + if (avctx->extradata && avctx->extradata_size >= 2) > + c->vqa_version = AV_RL16(avctx->extradata); > avctx->sample_fmt = c->vqa_version == 3 ? AV_SAMPLE_FMT_S16P : > AV_SAMPLE_FMT_S16; > break; > I think this was unnecessary, as it has already been fixed in ff946633a30e15415974c3f0ec7751c04eb91701. - Andreas
On 13/5/21 10:50 am, Andreas Rheinhardt wrote: > Michael Niedermayer: >> Fixes: null pointer dereference >> Fixes: 33172/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_WS_fuzzer-5200164273913856 >> >> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg >> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >> --- >> libavcodec/adpcm.c | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c >> index be14607eac..2deefeb651 100644 >> --- a/libavcodec/adpcm.c >> +++ b/libavcodec/adpcm.c >> @@ -191,6 +191,8 @@ static av_cold int adpcm_decode_init(AVCodecContext * avctx) >> avctx->sample_fmt = AV_SAMPLE_FMT_S16P; >> break; >> case AV_CODEC_ID_ADPCM_IMA_WS: >> + if (avctx->extradata && avctx->extradata_size >= 2) >> + c->vqa_version = AV_RL16(avctx->extradata); >> avctx->sample_fmt = c->vqa_version == 3 ? AV_SAMPLE_FMT_S16P : >> AV_SAMPLE_FMT_S16; >> break; >> > I think this was unnecessary, as it has already been fixed in > ff946633a30e15415974c3f0ec7751c04eb91701. Yep, this was fixed by ff946633a30e15415974c3f0ec7751c04eb91701, and added to FATE in ab38a48c485d2167e1b53eb5fb684862cf35d47c. Shall I send a revert?
On Thu, May 13, 2021 at 11:14:13AM +1000, Zane van Iperen wrote: > > > On 13/5/21 10:50 am, Andreas Rheinhardt wrote: > > Michael Niedermayer: > > > Fixes: null pointer dereference > > > Fixes: 33172/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_WS_fuzzer-5200164273913856 > > > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > > --- > > > libavcodec/adpcm.c | 2 ++ > > > 1 file changed, 2 insertions(+) > > > > > > diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c > > > index be14607eac..2deefeb651 100644 > > > --- a/libavcodec/adpcm.c > > > +++ b/libavcodec/adpcm.c > > > @@ -191,6 +191,8 @@ static av_cold int adpcm_decode_init(AVCodecContext * avctx) > > > avctx->sample_fmt = AV_SAMPLE_FMT_S16P; > > > break; > > > case AV_CODEC_ID_ADPCM_IMA_WS: > > > + if (avctx->extradata && avctx->extradata_size >= 2) > > > + c->vqa_version = AV_RL16(avctx->extradata); > > > avctx->sample_fmt = c->vqa_version == 3 ? AV_SAMPLE_FMT_S16P : > > > AV_SAMPLE_FMT_S16; > > > break; > > > > > I think this was unnecessary, as it has already been fixed in > > ff946633a30e15415974c3f0ec7751c04eb91701. > > Yep, this was fixed by ff946633a30e15415974c3f0ec7751c04eb91701, and added to FATE in ab38a48c485d2167e1b53eb5fb684862cf35d47c. > Shall I send a revert? no need to, i missed this, ill revert thanks [...]
diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c index be14607eac..2deefeb651 100644 --- a/libavcodec/adpcm.c +++ b/libavcodec/adpcm.c @@ -191,6 +191,8 @@ static av_cold int adpcm_decode_init(AVCodecContext * avctx) avctx->sample_fmt = AV_SAMPLE_FMT_S16P; break; case AV_CODEC_ID_ADPCM_IMA_WS: + if (avctx->extradata && avctx->extradata_size >= 2) + c->vqa_version = AV_RL16(avctx->extradata); avctx->sample_fmt = c->vqa_version == 3 ? AV_SAMPLE_FMT_S16P : AV_SAMPLE_FMT_S16; break;
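Review bot: the guard added at the top of the AV_CODEC_ID_ADPCM_IMA_WS case is sound in form (it tests the pointer before the size and reads two bytes with AV_RL16 only when extradata_size >= 2), but the thread records that the identical fix already landed in ff946633a30e15415974c3f0ec7751c04eb91701, so this hunk duplicates it and the accepted commit 7a403da0cb8e5fe308fe307b7ed219110f7021e0 should be reverted, as the author agreed. Two points for any follow-up: the commit message should name the code path that dereferenced the null pointer, since the hunk only shows init-time extradata parsing; and when extradata is absent or shorter than two bytes, c->vqa_version keeps whatever value it held before this point, which the hunk does not show being initialised, so a reader cannot confirm from the visible lines that the AV_SAMPLE_FMT_S16 fallback is the intended default.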
Fixes: null pointer dereference
Fixes: 33172/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_WS_fuzzer-5200164273913856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/adpcm.c | 2 ++
1 file changed, 2 insertions(+)