diff mbox series

[FFmpeg-devel] avformat/iamfdec: check nb_streams in header read

Message ID 20240427185145.1458898-1-michael@niedermayer.cc
State Accepted
Commit 9f54c13bc4650c59fe2ffb04f5b85145f196fbb7
Headers show
Series [FFmpeg-devel] avformat/iamfdec: check nb_streams in header read | expand

Checks

Context Check Description
yinshiyou/make_loongarch64 success Make finished
yinshiyou/make_fate_loongarch64 success Make fate finished

Commit Message

Michael Niedermayer April 27, 2024, 6:51 p.m. UTC 
Fixes: Assertion pkt->stream_index < (unsigned)s->nb_streams && "Invalid stream index.\n" failed at libavformat/demux.c:572
Fixes: 67890/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-5166340789829632.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/iamfdec.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

James Almer April 27, 2024, 11:58 p.m. UTC | #1 
On 4/27/2024 3:51 PM, Michael Niedermayer wrote:
> Fixes: Assertion pkt->stream_index < (unsigned)s->nb_streams && "Invalid stream index.\n" failed at libavformat/demux.c:572
> Fixes: 67890/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-5166340789829632.fuzz
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>   libavformat/iamfdec.c | 3 +++
>   1 file changed, 3 insertions(+)
> 
> diff --git a/libavformat/iamfdec.c b/libavformat/iamfdec.c
> index e34d13e74c5..ce6d4aa0647 100644
> --- a/libavformat/iamfdec.c
> +++ b/libavformat/iamfdec.c
> @@ -154,6 +154,9 @@ static int iamf_read_header(AVFormatContext *s)
>           }
>       }
>   
> +    if (!s->nb_streams)
> +        return AVERROR_INVALIDDATA;
> +
>       return 0;
>   }

Should be ok.
Michael Niedermayer April 30, 2024, 10:57 p.m. UTC | #2 
On Sat, Apr 27, 2024 at 08:58:22PM -0300, James Almer wrote:
> On 4/27/2024 3:51 PM, Michael Niedermayer wrote:
> > Fixes: Assertion pkt->stream_index < (unsigned)s->nb_streams && "Invalid stream index.\n" failed at libavformat/demux.c:572
> > Fixes: 67890/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-5166340789829632.fuzz
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >   libavformat/iamfdec.c | 3 +++
> >   1 file changed, 3 insertions(+)
> > 
> > diff --git a/libavformat/iamfdec.c b/libavformat/iamfdec.c
> > index e34d13e74c5..ce6d4aa0647 100644
> > --- a/libavformat/iamfdec.c
> > +++ b/libavformat/iamfdec.c
> > @@ -154,6 +154,9 @@ static int iamf_read_header(AVFormatContext *s)
> >           }
> >       }
> > +    if (!s->nb_streams)
> > +        return AVERROR_INVALIDDATA;
> > +
> >       return 0;
> >   }
> 
> Should be ok.

will apply

thx

[...]
diff mbox series

Patch

diff --git a/libavformat/iamfdec.c b/libavformat/iamfdec.c
index e34d13e74c5..ce6d4aa0647 100644
--- a/libavformat/iamfdec.c
+++ b/libavformat/iamfdec.c
@@ -154,6 +154,9 @@  static int iamf_read_header(AVFormatContext *s)
         }
     }
 
+    if (!s->nb_streams)
+        return AVERROR_INVALIDDATA;
+
     return 0;
 }