From patchwork Tue Dec  7 08:14:10 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 32093
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a6b:cd86:0:0:0:0:0 with SMTP id d128csp5920854iog;
        Tue, 7 Dec 2021 00:15:51 -0800 (PST)
X-Google-Smtp-Source: 
 ABdhPJwcoJoK8WwrYZQa1UU33FXoYY8kgwLeoHjKuGIjSWIQoo6KPJReN2y+/aRnW4DCyeOuLHqD
X-Received: by 2002:a17:906:7109:: with SMTP id
 x9mr51728914ejj.559.1638864951134;
        Tue, 07 Dec 2021 00:15:51 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1638864951; cv=none;
        d=google.com; s=arc-20160816;
        b=LSM5VcWTw72H5w8PYPHgy1S3nZV6OhRsOXar9uAbz++BmEm41f8Wf1iszRywiOip4/
         7eajv1wY9EJEcVBsovZB2b+StfcqaBsATpgkvyN2PbttWNiJMTmfkZ17c/e3A+BsV0rH
         oZw9zHiod1njKGtWpn9ql6KXLN1vfTfqO2vggW6fGNt9CQvecWqz8aitjeqGCXHVgqb9
         5KwP4v4igJMv0QTOYoc2Pp9GGbwUwyZAyN+DlSdmraInRWzqTSR1Lt40o8sHCuQpw41I
         9NLHWxVlVtdfx8CWUsbT4v0gqJx2tZyqk73VnkSiOHoRyi1D/X55PxqJ9XqjtegxOkWX
         kYJg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:mime-version:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:references:in-reply-to:message-id:date
         :to:from:delivered-to;
        bh=/7ejqt0wAwwlaA6XxKOEkxLCBVwjTP4lK6Kr/+/bJ/g=;
        b=BX3KBRBHv0wKsOqEH7w0nBV/w5tbVwFwMzMCMJr5vLON8teLnsWjjVf59HFY9REda9
         w9aSBBfcZywPolMR8yG+jfAT9lGfR/Epadqb8BiyZt6AdqDEjkGY/j3tyhnHX5tv4yGU
         FbivCeYKmcpOl1F3p+ut1SHL97tE4OR2Xzp9qYYtVzKaZc8hJ/gQejBiGPlHSk4Zh7fL
         Uhr1d7yHhZitjptehzqKwOF9pmll1DTJwYcF5U/8tYLcCfLBnjNzxhk5WvzqhT48yPLG
         +KVL62b4LIFxLVJcwQ9b9zh2oetvO/TXxh/t1FAZ4V9+ZHlpIjOJ3sKHKiQnFuGWAee5
         YR8Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 r3si22061938edq.242.2021.12.07.00.15.50;
        Tue, 07 Dec 2021 00:15:51 -0800 (PST)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 2C9EA68AD5F;
	Tue,  7 Dec 2021 10:15:22 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from vie01a-dmta-pe03-2.mx.upcmail.net
 (vie01a-dmta-pe03-2.mx.upcmail.net [62.179.121.161])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id C298F68A54D
 for <ffmpeg-devel@ffmpeg.org>; Tue,  7 Dec 2021 10:15:13 +0200 (EET)
Received: from [172.31.216.235] (helo=vie01a-pemc-psmtp-pe12.mail.upcmail.net)
 by vie01a-dmta-pe03.mx.upcmail.net with esmtp (Exim 4.92)
 (envelope-from <michael@niedermayer.cc>) id 1muVd3-000Xhz-0K
 for ffmpeg-devel@ffmpeg.org; Tue, 07 Dec 2021 09:15:13 +0100
Received: from localhost ([213.47.68.29])
 by vie01a-pemc-psmtp-pe12.mail.upcmail.net with ESMTP
 id uVc4mdsuiSgGFuVc4mFB8L; Tue, 07 Dec 2021 09:14:13 +0100
X-Env-Mailfrom: michael@niedermayer.cc
X-Env-Rcptto: ffmpeg-devel@ffmpeg.org
X-SourceIP: 213.47.68.29
X-CNFS-Analysis: v=2.3 cv=f8Q2+96M c=1 sm=1 tr=0
 a=2hcxjKEKjp0CzLx6oWAm4g==:117 a=2hcxjKEKjp0CzLx6oWAm4g==:17
 a=tmNr3_pU3QajR3og:21 a=MKtGQD3n3ToA:10 a=1oJP67jkp3AA:10 a=GEAsPZ9sns4A:10
 a=ZZnuYtJkoWoA:10 a=NEAV23lmAAAA:8 a=1RWdHWJ_AAAA:8 a=tJSY0DGyWPDn_kbvvTsA:9
 a=7CZ_-rfw-psA:10 a=QyQtT3pqVO38aunEuior:22 a=tqavtLjfuPS5_DfqQoZn:22
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Tue,  7 Dec 2021 09:14:10 +0100
Message-Id: <20211207081411.16442-3-michael@niedermayer.cc>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20211207081411.16442-1-michael@niedermayer.cc>
References: <20211207081411.16442-1-michael@niedermayer.cc>
X-CMAE-Envelope: 
 MS4wfP8NW1mlv/LtT6ItyJ9DtQSCNxNKUEhHVZSuXxzGi+EjJIyzWpxNjusyDI1YsoT3mG3BfMaIt/icSbb1lmcAxf1iY/VAN+xvcdkDFV8DcpiU2T4eJVk3
 0EgAErxpAN5aKxCMcGex4jm3Bm/HQJ0Ic/oVaG2nSaZCFP0EywYDk02k
Subject: [FFmpeg-devel] [PATCH 3/4] avformat/vivo: Do not use the general
 expression evaluator for parsing a floating point value
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: aoSSm/+Eqdj7

Fixes: Timeout
Fixes: 41564/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVO_fuzzer-6309014024093696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/vivo.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/libavformat/vivo.c b/libavformat/vivo.c
index b2904cd25a7..6447ec7ee84 100644
--- a/libavformat/vivo.c
+++ b/libavformat/vivo.c
@@ -26,6 +26,7 @@
  * @sa http://wiki.multimedia.cx/index.php?title=Vivo
  */
 
+#include "libavutil/avstring.h"
 #include "libavutil/parseutils.h"
 #include "avformat.h"
 #include "internal.h"
@@ -206,11 +207,12 @@ static int vivo_read_header(AVFormatContext *s)
                     return AVERROR_INVALIDDATA;
                 value_used = 1;
             } else if (!strcmp(key, "FPS")) {
-                AVRational tmp;
+                double d;
+                if (av_sscanf(value, "%f", &d) != 1)
+                    return AVERROR_INVALIDDATA;
 
                 value_used = 1;
-                if (!av_parse_ratio(&tmp, value, 10000, AV_LOG_WARNING, s))
-                    fps = av_inv_q(tmp);
+                fps = av_inv_q(av_d2q(d, 10000));
             }
 
             if (!value_used)