Message ID | 20220317233019.12049-3-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 31916d3d9fc61bab50ccbcc2d58bf7e7efb6c8a0 |
Series | [FFmpeg-devel,1/3] avcodec/dfpwmdec: Check packet size more completely | expand |
Context | Check | Description |
---|---|---|
yinshiyou/make_loongarch64 | success | Make finished |
yinshiyou/make_fate_loongarch64 | success | Make fate finished |
andriy/make_aarch64_jetson | success | Make finished |
andriy/make_fate_aarch64_jetson | success | Make fate finished |
andriy/make_armv7_RPi4 | success | Make finished |
andriy/make_fate_armv7_RPi4 | success | Make fate finished |
On 3/17/2022 8:30 PM, Michael Niedermayer wrote: > Fixes: out of array write > Fixes: 45624/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-6473487382872064 > Fixes: 45626/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-4874997192065024 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/alsdec.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c > index 822cf211b0..73af829178 100644 > --- a/libavcodec/alsdec.c > +++ b/libavcodec/alsdec.c > @@ -1986,7 +1986,7 @@ static av_cold int decode_init(AVCodecContext *avctx) > unsigned int c; > unsigned int channel_size; > int num_buffers, ret; > - int channels = avctx->ch_layout.nb_channels; > + int channels; > ALSDecContext *ctx = avctx->priv_data; > ALSSpecificConfig *sconf = &ctx->sconf; > ctx->avctx = avctx; > @@ -2000,6 +2000,7 @@ static av_cold int decode_init(AVCodecContext *avctx) > av_log(avctx, AV_LOG_ERROR, "Reading ALSSpecificConfig failed.\n"); > return ret; > } > + channels = avctx->ch_layout.nb_channels; > > if ((ret = check_specific_config(ctx)) < 0) { > return ret; LGTM
On Thu, Mar 17, 2022 at 08:40:48PM -0300, James Almer wrote: > On 3/17/2022 8:30 PM, Michael Niedermayer wrote: > > Fixes: out of array write > > Fixes: 45624/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-6473487382872064 > > Fixes: 45626/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-4874997192065024 > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/alsdec.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c > > index 822cf211b0..73af829178 100644 > > --- a/libavcodec/alsdec.c > > +++ b/libavcodec/alsdec.c > > @@ -1986,7 +1986,7 @@ static av_cold int decode_init(AVCodecContext *avctx) > > unsigned int c; > > unsigned int channel_size; > > int num_buffers, ret; > > - int channels = avctx->ch_layout.nb_channels; > > + int channels; > > ALSDecContext *ctx = avctx->priv_data; > > ALSSpecificConfig *sconf = &ctx->sconf; > > ctx->avctx = avctx; > > @@ -2000,6 +2000,7 @@ static av_cold int decode_init(AVCodecContext *avctx) > > av_log(avctx, AV_LOG_ERROR, "Reading ALSSpecificConfig failed.\n"); > > return ret; > > } > > + channels = avctx->ch_layout.nb_channels; > > if ((ret = check_specific_config(ctx)) < 0) { > > return ret; > > LGTM will apply thx [...]
diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
index 822cf211b0..73af829178 100644
--- a/libavcodec/alsdec.c
+++ b/libavcodec/alsdec.c
@@ -1986,7 +1986,7 @@ static av_cold int decode_init(AVCodecContext *avctx)
     unsigned int c;
     unsigned int channel_size;
     int num_buffers, ret;
-    int channels = avctx->ch_layout.nb_channels;
+    int channels;
     ALSDecContext *ctx = avctx->priv_data;
     ALSSpecificConfig *sconf = &ctx->sconf;
     ctx->avctx = avctx;
@@ -2000,6 +2000,7 @@ static av_cold int decode_init(AVCodecContext *avctx)
         av_log(avctx, AV_LOG_ERROR, "Reading ALSSpecificConfig failed.\n");
         return ret;
     }
+    channels = avctx->ch_layout.nb_channels;
 
     if ((ret = check_specific_config(ctx)) < 0) {
         return ret;
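Review bot: The moved assignment `channels = avctx->ch_layout.nb_channels;` carries no comment explaining why it must come after read_specific_config(), so a later cleanup could hoist it back into the declaration and silently reintroduce the out-of-array write this patch fixes. I would add above it `/* Read only after read_specific_config(): that call presumably replaces avctx->ch_layout with the count from the ALSSpecificConfig, and sizing buffers from the caller-supplied layout was the cause of the overflow (fuzzer cases 45624/45626). */`. It is also worth deciding whether the read belongs after check_specific_config() rather than before it: if that check rejects or clamps the channel count (not visible in this hunk), the value captured here could still disagree with what was validated. decode_init continues outside the hunk, so the allocations that consume `channels` are not visible here.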
Fixes: out of array write
Fixes: 45624/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-6473487382872064
Fixes: 45626/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-4874997192065024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/alsdec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)