[FFmpeg-devel,1/2] avformat/avr: Check sample rate

Message ID	20230722234621.28731-1-michael@niedermayer.cc
State	New
Headers	show Delivered-To: ffmpegpatchwork2@gmail.com Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; From: Michael Niedermayer <michael@niedermayer.cc> To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> Date: Sun, 23 Jul 2023 01:46:20 +0200 Message-Id: <20230722234621.28731-1-michael@niedermayer.cc> Subject: [FFmpeg-devel] [PATCH 1/2] avformat/avr: Check sample rate Precedence: list Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Series	[FFmpeg-devel,1/2] avformat/avr: Check sample rate \| expand [FFmpeg-devel,1/2] avformat/avr: Check sample rate [FFmpeg-devel,2/2] tools/target_dec_fuzzer: Adjust threshold for jpeg2000

Message ID

20230722234621.28731-1-michael@niedermayer.cc

State

New

Headers

Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sun, 23 Jul 2023 01:46:20 +0200
Message-Id: <20230722234621.28731-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 1/2] avformat/avr: Check sample rate
Precedence: list
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

Series

[FFmpeg-devel,1/2] avformat/avr: Check sample rate | expand

Checks

Context	Check	Description
yinshiyou/make_loongarch64	success	Make finished
yinshiyou/make_fate_loongarch64	success	Make fate finished
andriy/make_x86	success	Make finished
andriy/make_fate_x86	success	Make fate finished

Context

Check

Description

yinshiyou/make_loongarch64

success

Make finished

yinshiyou/make_fate_loongarch64

success

Make fate finished

andriy/make_x86

success

Make finished

andriy/make_fate_x86

success

Make fate finished

Commit Message

Michael Niedermayer July 22, 2023, 11:46 p.m. UTC

Fixes: 54979/clusterfuzz-testcase-minimized-ffmpeg_dem_AVR_fuzzer-6681035461230592
Fixes: Timeout

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/avr.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Andreas Rheinhardt Aug. 1, 2023, 10:55 a.m. UTC | #1

Michael Niedermayer:
> Fixes: 54979/clusterfuzz-testcase-minimized-ffmpeg_dem_AVR_fuzzer-6681035461230592
> Fixes: Timeout
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/avr.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/libavformat/avr.c b/libavformat/avr.c
> index 1cc4d56bfb..3fe8614b25 100644
> --- a/libavformat/avr.c
> +++ b/libavformat/avr.c
> @@ -75,6 +75,9 @@ static int avr_read_header(AVFormatContext *s)
>      avio_skip(s->pb, 20);
>      avio_skip(s->pb, 64);
>  
> +    if (st->codecpar->sample_rate == 0)
> +        return AVERROR_INVALIDDATA;
> +
>      st->codecpar->codec_id = ff_get_pcm_codec_id(bps, 0, 1, sign);
>      if (st->codecpar->codec_id == AV_CODEC_ID_NONE) {
>          avpriv_request_sample(s, "Bps %d and sign %d", bps, sign);

Why don't you check this directly after having read the sample rate?
That way the value would still be in a register.

- Andreas

Michael Niedermayer Aug. 1, 2023, 7:25 p.m. UTC | #2

On Tue, Aug 01, 2023 at 12:55:49PM +0200, Andreas Rheinhardt wrote:
> Michael Niedermayer:
> > Fixes: 54979/clusterfuzz-testcase-minimized-ffmpeg_dem_AVR_fuzzer-6681035461230592
> > Fixes: Timeout
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavformat/avr.c | 3 +++
> >  1 file changed, 3 insertions(+)
> > 
> > diff --git a/libavformat/avr.c b/libavformat/avr.c
> > index 1cc4d56bfb..3fe8614b25 100644
> > --- a/libavformat/avr.c
> > +++ b/libavformat/avr.c
> > @@ -75,6 +75,9 @@ static int avr_read_header(AVFormatContext *s)
> >      avio_skip(s->pb, 20);
> >      avio_skip(s->pb, 64);
> >  
> > +    if (st->codecpar->sample_rate == 0)
> > +        return AVERROR_INVALIDDATA;
> > +
> >      st->codecpar->codec_id = ff_get_pcm_codec_id(bps, 0, 1, sign);
> >      if (st->codecpar->codec_id == AV_CODEC_ID_NONE) {
> >          avpriv_request_sample(s, "Bps %d and sign %d", bps, sign);
> 
> Why don't you check this directly after having read the sample rate?
> That way the value would still be in a register.

that would be cleaner too, I will apply it with that change

thx

[...]

diff --git a/libavformat/avr.c b/libavformat/avr.c
index 1cc4d56bfb..3fe8614b25 100644
--- a/libavformat/avr.c
+++ b/libavformat/avr.c
@@ -75,6 +75,9 @@  static int avr_read_header(AVFormatContext *s)
     avio_skip(s->pb, 20);
     avio_skip(s->pb, 64);
 
+    if (st->codecpar->sample_rate == 0)
+        return AVERROR_INVALIDDATA;
+
     st->codecpar->codec_id = ff_get_pcm_codec_id(bps, 0, 1, sign);
     if (st->codecpar->codec_id == AV_CODEC_ID_NONE) {
         avpriv_request_sample(s, "Bps %d and sign %d", bps, sign);

[FFmpeg-devel,1/2] avformat/avr: Check sample rate

Checks

Commit Message

Comments

Patch