diff mbox series

[FFmpeg-devel,1/2] avcodec/tiff: Avoid 0.0/0.0 in camera_xyz_coeff()

Message ID 20221117231418.20994-1-michael@niedermayer.cc
State Accepted
Commit ff2d1bbe737539b9f564e53f84b7309bc2a38243
Headers show
Series [FFmpeg-devel,1/2] avcodec/tiff: Avoid 0.0/0.0 in camera_xyz_coeff() | expand

Checks

Context Check Description
yinshiyou/make_loongarch64 success Make finished
yinshiyou/make_fate_loongarch64 success Make fate finished
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished

Commit Message

Michael Niedermayer Nov. 17, 2022, 11:14 p.m. UTC
Fixes: division by zero
Fixes: 52230/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5922608915021824

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/tiff.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Michael Niedermayer Nov. 28, 2022, 7:51 p.m. UTC | #1
On Fri, Nov 18, 2022 at 12:14:17AM +0100, Michael Niedermayer wrote:
> Fixes: division by zero
> Fixes: 52230/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5922608915021824
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/tiff.c | 2 ++
>  1 file changed, 2 insertions(+)

will apply

[...]
diff mbox series

Patch

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 5b56892071..cde318d5e5 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -1896,6 +1896,8 @@  static void camera_xyz_coeff(TiffContext *s,
     for (i = 0; i < 3; i++) {
         for (num = j = 0; j < 3; j++)
             num += cam2rgb[i][j];
+        if (!num)
+            num = 1;
         for (j = 0; j < 3; j++)
             cam2rgb[i][j] /= num;
         s->premultiply[i] = 1.f / num;