Message ID | 20240426030839.3001504-4-michael@niedermayer.cc |
---|---|
State | New |
Series | [FFmpeg-devel,1/6] avformat/mov: Check tile_item_list |

Context | Check | Description |
---|---|---|
yinshiyou/make_loongarch64 | success | Make finished |
yinshiyou/make_fate_loongarch64 | success | Make fate finished |
On 4/26/2024 12:08 AM, Michael Niedermayer wrote: > Fixes: Assertion pkt->stream_index < (unsigned)s->nb_streams && "Invalid stream index.\n" failed at libavformat/demux.c:572 > Fixes: 67890/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-5166340789829632.fuzz > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/iamfdec.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/libavformat/iamfdec.c b/libavformat/iamfdec.c > index e34d13e74c5..67ff7e8f01a 100644 > --- a/libavformat/iamfdec.c > +++ b/libavformat/iamfdec.c > @@ -162,6 +162,9 @@ static int iamf_read_packet(AVFormatContext *s, AVPacket *pkt) > IAMFDemuxContext *const c = s->priv_data; > int ret; > > + if (!s->nb_streams) > + return AVERROR_EOF; > + > ret = ff_iamf_read_packet(s, c, s->pb, INT_MAX, pkt); > if (ret < 0) > return ret; This should be checked in iamf_read_header() instead, after the nb_audio_elements loop that would add streams, and return INVALIDDATA if there's none.
diff --git a/libavformat/iamfdec.c b/libavformat/iamfdec.c index e34d13e74c5..67ff7e8f01a 100644 --- a/libavformat/iamfdec.c +++ b/libavformat/iamfdec.c @@ -162,6 +162,9 @@ static int iamf_read_packet(AVFormatContext *s, AVPacket *pkt) IAMFDemuxContext *const c = s->priv_data; int ret; + if (!s->nb_streams) + return AVERROR_EOF; + ret = ff_iamf_read_packet(s, c, s->pb, INT_MAX, pkt); if (ret < 0) return ret;
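Review bot: the `if (!s->nb_streams)` guard at the top of iamf_read_packet() returns AVERROR_EOF, so a file that yielded no streams is reported as a normal end of stream rather than as malformed input, and the test is repeated on every packet read even though, going by the reply above, streams are added while the header is parsed. Rejecting the file once in iamf_read_header() with AVERROR_INVALIDDATA when s->nb_streams is 0 would make the failure explicit and keep the packet path unchanged. The guard also covers only the zero-stream case of the `pkt->stream_index < (unsigned)s->nb_streams` assertion named in the commit message; whether ff_iamf_read_packet() can produce an out-of-range index when streams do exist is not visible in this hunk and is worth confirming.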
Fixes: Assertion pkt->stream_index < (unsigned)s->nb_streams && "Invalid stream index.\n" failed at libavformat/demux.c:572 Fixes: 67890/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-5166340789829632.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/iamfdec.c | 3 +++ 1 file changed, 3 insertions(+)