From patchwork Wed Apr 3 22:51:33 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 47779
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Thu, 4 Apr 2024 00:51:33 +0200
Subject: [FFmpeg-devel] [PATCH 4/5] avformat/mxfdec: Check index_edit_rate

Fixes: Assertion b >=0 failed at libavutil/mathematics.c:62
Fixes: 67811/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5108429687422976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
libavformat/mxfdec.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 04de4c1d5e3..233d614f783 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -1264,6 +1264,9 @@ static int mxf_read_index_table_segment(void *arg, AVIOContext *pb, int tag, int case 0x3F0B: segment->index_edit_rate.num = avio_rb32(pb); segment->index_edit_rate.den = avio_rb32(pb); + if (segment->index_edit_rate.num <= 0 || + segment->index_edit_rate.den <= 0) + return AVERROR_INVALIDDATA; av_log(NULL, AV_LOG_TRACE, "IndexEditRate %d/%d\n", segment->index_edit_rate.num, segment->index_edit_rate.den); break;
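
Review bot: the new early return in case 0x3F0B comes before the existing av_log trace line, so a file rejected here fails with no record of the IndexEditRate values that caused it. Consider logging the offending num/den before `return AVERROR_INVALIDDATA;`, or moving the check below the existing `av_log(NULL, AV_LOG_TRACE, "IndexEditRate %d/%d\n", ...)` call, so that triage of a rejected sample does not need a debugger. The `<= 0` comparison itself looks right for both fields: avio_rb32() returns an unsigned 32-bit value that is stored into the int members of the rational, so inputs with the top bit set arrive as negative numbers and are caught along with zero. Two smaller points: the commit message names the assertion in libavutil/mathematics.c but not the mxfdec code path that passes index_edit_rate into it, which would help a reader confirm that validating at parse time covers every consumer; and since this turns a previously accepted zero or negative rate into a hard parse error for the segment, it is worth stating in the message that rejecting such files outright is intended.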