Message ID | 20231102235016.3935-4-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 4fb9d946883ba8a3e21a9e756aa27349e6e22cef |
Series | [FFmpeg-devel,1/4] avfilter/framesync: cuddle () closer around = |

Context | Check | Description |
---|---|---|
yinshiyou/make_loongarch64 | success | Make finished |
yinshiyou/make_fate_loongarch64 | success | Make fate finished |
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
On Thu, Nov 2, 2023, 19:50 Michael Niedermayer <michael@niedermayer.cc> wrote: > Fixes: Timeout > Fixes: > 63661/clusterfuzz-testcase-minimized-ffmpeg_dem_LAF_fuzzer-6615365234589696 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/lafdec.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c > index 59a59dcfe9c..b867f106aee 100644 > --- a/libavformat/lafdec.c > +++ b/libavformat/lafdec.c > @@ -139,7 +139,9 @@ static int laf_read_header(AVFormatContext *ctx) > s->index = 0; > s->stored_index = 0; > s->bpp = bpp; > - if ((int64_t)bpp * st_count * (int64_t)sample_rate >= INT32_MAX) > + if ((int64_t)bpp * st_count * (int64_t)sample_rate >= INT32_MAX || > + (int64_t)bpp * st_count * (int64_t)sample_rate == 0 > + ) > return AVERROR_INVALIDDATA; > s->data = av_calloc(st_count * sample_rate, bpp); > if (!s->data) > -- > 2.17.1 > This looks OK to me. -- Sean McGovern
diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c index 59a59dcfe9c..b867f106aee 100644 --- a/libavformat/lafdec.c +++ b/libavformat/lafdec.c @@ -139,7 +139,9 @@ static int laf_read_header(AVFormatContext *ctx) s->index = 0; s->stored_index = 0; s->bpp = bpp; - if ((int64_t)bpp * st_count * (int64_t)sample_rate >= INT32_MAX) + if ((int64_t)bpp * st_count * (int64_t)sample_rate >= INT32_MAX || + (int64_t)bpp * st_count * (int64_t)sample_rate == 0 + ) return AVERROR_INVALIDDATA; s->data = av_calloc(st_count * sample_rate, bpp); if (!s->data)
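Review bot: the added `== 0` test in laf_read_header() repeats the whole `(int64_t)bpp * st_count * (int64_t)sample_rate` product, so the same expression now appears twice in one condition. Computing it once into an int64_t local (a hypothetical `size`, say) and testing `size <= 0 || size >= INT32_MAX` would read more clearly and keep the two bounds from drifting apart. Using `<= 0` rather than `== 0` would also reject a negative product in case any of the three operands is signed, which this hunk does not show. The `av_calloc(st_count * sample_rate, bpp)` call below still multiplies without the cast, so it depends on this check for its bound; a short comment stating that a zero-sized buffer is what the new test rules out would help, since the commit message only says "Fixes: Timeout". The closing `)` on a line of its own is unusual and would be tidier folded onto the previous line.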
Fixes: Timeout
Fixes: 63661/clusterfuzz-testcase-minimized-ffmpeg_dem_LAF_fuzzer-6615365234589696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavformat/lafdec.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)