
[FFmpeg-devel] libswresample: Prevent out of bounds.

Message ID 20230802121410.1141794-1-kobrineli@ispras.ru
State Accepted
Commit 3e97d96e6f239894317fc6eb778b25ce67ce5451

Checks

Context Check Description
yinshiyou/make_loongarch64 success Make finished
yinshiyou/make_fate_loongarch64 success Make fate finished
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished

Commit Message

kobrineli Aug. 2, 2023, 12:14 p.m. UTC
From: Eli Kobrin <kobrineli@ispras.ru>

We've been fuzzing torchvision with [sydr-fuzz](https://github.com/ispras/oss-sydr-fuzz)
and found an out-of-bounds error in the ffmpeg project at audioconvert.c:151.
To prevent the error, we need to fix the checks for in and out fmt in swr_init.

Signed-off-by: Eli Kobrin <kobrineli@ispras.ru>
---
 libswresample/swresample.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Michael Niedermayer Aug. 2, 2023, 3:37 p.m. UTC | #1
On Wed, Aug 02, 2023 at 03:14:10PM +0300, kobrineli wrote:
> From: Eli Kobrin <kobrineli@ispras.ru>
> 
> We've been fuzzing torchvision with [sydr-fuzz](https://github.com/ispras/oss-sydr-fuzz)
> and found an out-of-bounds error in the ffmpeg project at audioconvert.c:151.
> To prevent the error, we need to fix the checks for in and out fmt in swr_init.
> 
> Signed-off-by: Eli Kobrin <kobrineli@ispras.ru>
> ---
>  libswresample/swresample.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

will apply

thx

[...]
Patch

diff --git a/libswresample/swresample.c b/libswresample/swresample.c
index 6dc329a9d0..fb3d7bccbf 100644
--- a/libswresample/swresample.c
+++ b/libswresample/swresample.c
@@ -196,11 +196,11 @@  av_cold int swr_init(struct SwrContext *s){
 
     clear_context(s);
 
-    if(s-> in_sample_fmt >= AV_SAMPLE_FMT_NB){
+    if((unsigned) s-> in_sample_fmt >= AV_SAMPLE_FMT_NB){
         av_log(s, AV_LOG_ERROR, "Requested input sample format %d is invalid\n", s->in_sample_fmt);
         return AVERROR(EINVAL);
     }
-    if(s->out_sample_fmt >= AV_SAMPLE_FMT_NB){
+    if((unsigned) s->out_sample_fmt >= AV_SAMPLE_FMT_NB){
         av_log(s, AV_LOG_ERROR, "Requested output sample format %d is invalid\n", s->out_sample_fmt);
         return AVERROR(EINVAL);
     }
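
Review bot: The `(unsigned)` casts added to the `in_sample_fmt` and `out_sample_fmt` checks have no comment saying they exist to reject negative values, so a later cleanup could drop them as redundant and reopen the out-of-bounds access reported at audioconvert.c:151. Consider a short comment, or an explicit lower bound such as `if (s->in_sample_fmt < 0 || s->in_sample_fmt >= AV_SAMPLE_FMT_NB)` (and the same for `out_sample_fmt`), which states the intent directly instead of relying on the negative value wrapping to a large unsigned number. The commit message would also be easier to act on later if it said that a negative sample format is the input that passed the old signed comparison.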