[FFmpeg-devel,4/4] avformat/lafdec: Check for 0 parameters

Message ID	20231102235016.3935-4-michael@niedermayer.cc
State	Accepted
Commit	4fb9d946883ba8a3e21a9e756aa27349e6e22cef
Headers	show Delivered-To: ffmpegpatchwork2@gmail.com Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; From: Michael Niedermayer <michael@niedermayer.cc> To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> Date: Fri, 3 Nov 2023 00:50:16 +0100 Message-Id: <20231102235016.3935-4-michael@niedermayer.cc> In-Reply-To: <20231102235016.3935-1-michael@niedermayer.cc> References: <20231102235016.3935-1-michael@niedermayer.cc> Subject: [FFmpeg-devel] [PATCH 4/4] avformat/lafdec: Check for 0 parameters Precedence: list Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Series	[FFmpeg-devel,1/4] avfilter/framesync: cuddle () closer around = \| expand [FFmpeg-devel,1/4] avfilter/framesync: cuddle () closer around = [FFmpeg-devel,2/4] avfilter/buffersink: cuddle () closer around = [FFmpeg-devel,3/4] avcodec/flicvideo: consider width in copy loops [FFmpeg-devel,4/4] avformat/lafdec: Check for 0 parameters

Message ID

20231102235016.3935-4-michael@niedermayer.cc

State

Accepted

Commit

4fb9d946883ba8a3e21a9e756aa27349e6e22cef

Headers

Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Fri,  3 Nov 2023 00:50:16 +0100
Message-Id: <20231102235016.3935-4-michael@niedermayer.cc>
In-Reply-To: <20231102235016.3935-1-michael@niedermayer.cc>
References: <20231102235016.3935-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 4/4] avformat/lafdec: Check for 0 parameters
Precedence: list
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

Series

[FFmpeg-devel,1/4] avfilter/framesync: cuddle () closer around = | expand

Checks

Context	Check	Description
yinshiyou/make_loongarch64	success	Make finished
yinshiyou/make_fate_loongarch64	success	Make fate finished
andriy/make_x86	success	Make finished
andriy/make_fate_x86	success	Make fate finished

Context

Check

Description

yinshiyou/make_loongarch64

success

Make finished

yinshiyou/make_fate_loongarch64

success

Make fate finished

andriy/make_x86

success

Make finished

andriy/make_fate_x86

success

Make fate finished

Commit Message

Michael Niedermayer Nov. 2, 2023, 11:50 p.m. UTC

Fixes: Timeout
Fixes: 63661/clusterfuzz-testcase-minimized-ffmpeg_dem_LAF_fuzzer-6615365234589696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/lafdec.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Sean McGovern Nov. 3, 2023, 12:09 a.m. UTC | #1

On Thu, Nov 2, 2023, 19:50 Michael Niedermayer <michael@niedermayer.cc>
wrote:

> Fixes: Timeout
> Fixes:
> 63661/clusterfuzz-testcase-minimized-ffmpeg_dem_LAF_fuzzer-6615365234589696
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by
> <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>:
> Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/lafdec.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c
> index 59a59dcfe9c..b867f106aee 100644
> --- a/libavformat/lafdec.c
> +++ b/libavformat/lafdec.c
> @@ -139,7 +139,9 @@ static int laf_read_header(AVFormatContext *ctx)
>      s->index = 0;
>      s->stored_index = 0;
>      s->bpp = bpp;
> -    if ((int64_t)bpp * st_count * (int64_t)sample_rate >= INT32_MAX)
> +    if ((int64_t)bpp * st_count * (int64_t)sample_rate >= INT32_MAX ||
> +        (int64_t)bpp * st_count * (int64_t)sample_rate == 0
> +    )
>          return AVERROR_INVALIDDATA;
>      s->data = av_calloc(st_count * sample_rate, bpp);
>      if (!s->data)
> --
> 2.17.1
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
>

This looks OK to me.

-- Sean McGovern

>

diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c
index 59a59dcfe9c..b867f106aee 100644
--- a/libavformat/lafdec.c
+++ b/libavformat/lafdec.c
@@ -139,7 +139,9 @@  static int laf_read_header(AVFormatContext *ctx)
     s->index = 0;
     s->stored_index = 0;
     s->bpp = bpp;
-    if ((int64_t)bpp * st_count * (int64_t)sample_rate >= INT32_MAX)
+    if ((int64_t)bpp * st_count * (int64_t)sample_rate >= INT32_MAX ||
+        (int64_t)bpp * st_count * (int64_t)sample_rate == 0
+    )
         return AVERROR_INVALIDDATA;
     s->data = av_calloc(st_count * sample_rate, bpp);
     if (!s->data)

[FFmpeg-devel,4/4] avformat/lafdec: Check for 0 parameters

Checks

Commit Message

Comments

Patch