From patchwork Sun Mar 20 13:47:36 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 34858
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6838:ed11:0:0:0:0 with SMTP id hi17csp921100nkc;
        Sun, 20 Mar 2022 06:48:19 -0700 (PDT)
X-Google-Smtp-Source: 
 ABdhPJz21HML2MNwGrX0JYkNJEDTIweL40GDA3fhnsC7pgo+xtEQYErtPPF/2ynsW7jLl60aitrF
X-Received: by 2002:a17:907:6e29:b0:6df:dc30:575b with SMTP id
 sd41-20020a1709076e2900b006dfdc30575bmr5379727ejc.510.1647784098806;
        Sun, 20 Mar 2022 06:48:18 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1647784098; cv=none;
        d=google.com; s=arc-20160816;
        b=sRQDPdjeiJizY9A9E0GqXpsIbDtckemSrxxev4PhwuIiBVjg3NHR1M+CBp30KuxGYR
         asfI6vkV5wASoVG9Blq37EftKOPguZHrfdSg/cPjl/p824M7VJfd9z/y24/45fKN04SH
         YT8JoFEn3f1MnUwpqEwNh9Yc1mSmgM5ielyWiHj5VevK6BTUBUV3NbFx5fi84fihxXwG
         eNjIKauieLdCj4fWGXo64P822V4KcmBOCjHQ2g9QxiBpqoO0vTmTlKX+3rWbTKNGrcuR
         DAxeGqBdgKJpNDTDiwe5m+jyWnH0sSJuZgMunf8Wl7D1WAV/CR5fSdTk05NkcXukGtTr
         N78g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:mime-version:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:message-id:date:to:from:delivered-to;
        bh=JaDy4a/mhNqEJiGu7wVq4dUkDGdiZgfRGYrQuZiCeco=;
        b=WWd85uSHCV0n4Re48KV4c5bi+Vj8y7041ow2RewS2IBp+av4EcyEmygXtTCtFl81ee
         6dmXe6OC5CbkQZo7p3xbV3X6ENETs90kJP9hJldDISlZdS7BOxYaVVdizAwf4Cz2wQHL
         n42s58m3UeLW2WHmMZhSQvZlCx4ZJP832Cz2doAsPzYiOXWJywQwwqWjvFaomhNDH9XC
         QqXIShDdpCurqvPmeWHI2XgagY0dv8Cw+/qYy1fH74Il49c8QrESxN7JnGxyWLk6K97B
         LiEgv0rG4QxIA0MtuGaGjaL/Tebqkwk31bi1z40TN3rH2TidRXgrhG0MrR3WanGQi8Q0
         GRXQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 ky19-20020a170907779300b006df76385c53si5012741ejc.243.2022.03.20.06.48.18;
        Sun, 20 Mar 2022 06:48:18 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id D997768B0A2;
	Sun, 20 Mar 2022 15:48:04 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from vie01a-dmta-at03-1.mx.upcmail.net
 (vie01a-dmta-at03-1.mx.upcmail.net [62.179.121.151])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 99BF568A8A0
 for <ffmpeg-devel@ffmpeg.org>; Sun, 20 Mar 2022 15:47:56 +0200 (EET)
Received: from [172.31.216.235] (helo=vie01a-pemc-psmtp-pe12.mail.upcmail.net)
 by vie01a-dmta-at03.mx.upcmail.net with esmtp (Exim 4.92)
 (envelope-from <michael@niedermayer.cc>) id 1nVvuV-0000Ux-Av
 for ffmpeg-devel@ffmpeg.org; Sun, 20 Mar 2022 14:47:55 +0100
Received: from ren-mail-psmtp-mg01. ([80.109.253.241])
 by vie01a-pemc-psmtp-pe12.mail.upcmail.net with ESMTP
 id VvuVn41RMSgGFVvuVnIFPx; Sun, 20 Mar 2022 14:47:55 +0100
Received: from localhost ([213.47.68.29]) by ren-mail-psmtp-mg01. with ESMTP
 id VvuFnKFJ9OPqFVvuFnIY5i; Sun, 20 Mar 2022 14:47:39 +0100
X-Env-Mailfrom: michael@niedermayer.cc
X-Env-Rcptto: ffmpeg-devel@ffmpeg.org
X-SourceIP: 213.47.68.29
X-CNFS-Analysis: v=2.4 cv=OcX7sjfY c=1 sm=1 tr=0 ts=6237308a
 a=2hcxjKEKjp0CzLx6oWAm4g==:117 a=2hcxjKEKjp0CzLx6oWAm4g==:17
 a=MKtGQD3n3ToA:10 a=1oJP67jkp3AA:10 a=GEAsPZ9sns4A:10 a=ZZnuYtJkoWoA:10
 a=NEAV23lmAAAA:8 a=apxm4mY1AWi8j9N8YjIA:9
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sun, 20 Mar 2022 14:47:36 +0100
Message-Id: <20220320134739.28728-1-michael@niedermayer.cc>
X-Mailer: git-send-email 2.17.1
X-CMAE-Envelope: 
 MS4wfAXKuwCyoSIvLc4G215X8hXCUUjJQwIHfTjBVSlVTjuSH9n1DoXT/kaBdxOiIGXHMmUtTNdxx0xL1i67/5BQWgr2INAHP8kUkdZkyEoYOhMPxwGD7MXQ
 InJ4WseqLFybR0iBORTjBclLK9ngRB23QrYeqB2k+LC3dxnePFlb3f11iyRH7G5nNxp03DsonaQauA==
Subject: [FFmpeg-devel] [PATCH 1/4] avformat/alp: Check num_channels
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: JRWlk7Q8/Ntk

Fixes: division by 0
Fixes: 45615/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-582660348405350
Fixes: 45625/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-4821437943250944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/alp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/alp.c b/libavformat/alp.c
index f2428a9e3b..40e4890a38 100644
--- a/libavformat/alp.c
+++ b/libavformat/alp.c
@@ -122,7 +122,7 @@ static int alp_read_header(AVFormatContext *s)
     par->format                 = AV_SAMPLE_FMT_S16;
     par->sample_rate            = hdr->sample_rate;
 
-    if (hdr->num_channels > 2)
+    if (hdr->num_channels > 2 || hdr->num_channels == 0)
         return AVERROR_INVALIDDATA;
 
     av_channel_layout_default(&par->ch_layout, hdr->num_channels);