diff mbox series

[FFmpeg-devel,2/5] avformat/usmdec: do not return 0 when no packet was produced

Message ID 20231005194440.1678-2-michael@niedermayer.cc
State New
Headers show
Series [FFmpeg-devel,1/5] avcodec/bonk: Fix undefined overflow in predictor_calc_error() | expand

Checks

Context Check Description
yinshiyou/make_loongarch64 success Make finished
yinshiyou/make_fate_loongarch64 success Make fate finished

Commit Message

Michael Niedermayer Oct. 5, 2023, 7:44 p.m. UTC 
Fixes: Assertion pkt->stream_index < (unsigned)s->nb_streams && "Invalid stream index.\n" failed at libavformat/demux.c:617
Fixes: 62498/clusterfuzz-testcase-minimized-ffmpeg_dem_USM_fuzzer-4734740995112960

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/usmdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Anton Khirnov Oct. 10, 2023, 11:24 a.m. UTC | #1 
Quoting Michael Niedermayer (2023-10-05 21:44:37)
> Fixes: Assertion pkt->stream_index < (unsigned)s->nb_streams && "Invalid stream index.\n" failed at libavformat/demux.c:617
> Fixes: 62498/clusterfuzz-testcase-minimized-ffmpeg_dem_USM_fuzzer-4734740995112960
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/usmdec.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavformat/usmdec.c b/libavformat/usmdec.c
> index 1665eb8e551..b0079a1230c 100644
> --- a/libavformat/usmdec.c
> +++ b/libavformat/usmdec.c
> @@ -361,7 +361,7 @@ static int64_t parse_chunk(AVFormatContext *s, AVIOContext *pb,
>      ret = avio_skip(pb, FFMAX(0, chunk_size - (ret - chunk_start)));
>      if (ret < 0)
>          return ret;
> -    return 0;
> +    return AVERROR(EAGAIN);

I believe that should be FFERROR_REDO instead.
Michael Niedermayer Oct. 15, 2023, 11:10 p.m. UTC | #2 
On Tue, Oct 10, 2023 at 01:24:23PM +0200, Anton Khirnov wrote:
> Quoting Michael Niedermayer (2023-10-05 21:44:37)
> > Fixes: Assertion pkt->stream_index < (unsigned)s->nb_streams && "Invalid stream index.\n" failed at libavformat/demux.c:617
> > Fixes: 62498/clusterfuzz-testcase-minimized-ffmpeg_dem_USM_fuzzer-4734740995112960
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavformat/usmdec.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/libavformat/usmdec.c b/libavformat/usmdec.c
> > index 1665eb8e551..b0079a1230c 100644
> > --- a/libavformat/usmdec.c
> > +++ b/libavformat/usmdec.c
> > @@ -361,7 +361,7 @@ static int64_t parse_chunk(AVFormatContext *s, AVIOContext *pb,
> >      ret = avio_skip(pb, FFMAX(0, chunk_size - (ret - chunk_start)));
> >      if (ret < 0)
> >          return ret;
> > -    return 0;
> > +    return AVERROR(EAGAIN);
> 
> I believe that should be FFERROR_REDO instead.

will use FFERROR_REDO instead.
will also apply the rest of the patch

thx

[...]
diff mbox series

Patch

diff --git a/libavformat/usmdec.c b/libavformat/usmdec.c
index 1665eb8e551..b0079a1230c 100644
--- a/libavformat/usmdec.c
+++ b/libavformat/usmdec.c
@@ -361,7 +361,7 @@  static int64_t parse_chunk(AVFormatContext *s, AVIOContext *pb,
     ret = avio_skip(pb, FFMAX(0, chunk_size - (ret - chunk_start)));
     if (ret < 0)
         return ret;
-    return 0;
+    return AVERROR(EAGAIN);
 }
 
 static int usm_read_packet(AVFormatContext *s, AVPacket *pkt)