From patchwork Mon Feb 13 00:33:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Niedermayer X-Patchwork-Id: 40375 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:5494:b0:bf:7b3a:fd32 with SMTP id i20csp3082590pzk; Sun, 12 Feb 2023 16:33:43 -0800 (PST) X-Google-Smtp-Source: AK7set/WsNDsxwwhqohIgnvEdwes8bOe7v77WOxSHY9CvnVvhYok455PmBbLCDGAf73SH9eWbCBD X-Received: by 2002:a17:906:198f:b0:894:acbe:7a97 with SMTP id g15-20020a170906198f00b00894acbe7a97mr22697927ejd.13.1676248422978; Sun, 12 Feb 2023 16:33:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1676248422; cv=none; d=google.com; s=arc-20160816; b=iSc9tFNihPj1IuobjOMvxiz+iNTTnId1LULQbmmqJPv4XA1oub7k5EsIDtZVCjM/xx Av3E7cx3+kARLeuVS5FMrrpRwjL84gFYWMITR5679HCy4tCOg3wcG2jyGpVz34pSV6LE vXHWTBqLdWRQmMHCw+GFYNXyT9IlX9UwxIuelKKBNAxqN21FSWa79c+ph9M7oJOUCYWJ kyDKiSaJGzgB1gi3u8BvttvgmlGJUtcprb6geJhyFzI19+FtRAJO7JGZu3p+mWO89Fa7 XC3CDxz9lfSNwsdzlLGHy1jmgezXIIyr72mA1ki4m6vcZ75CSf6Br3SjLwyGKTO1y17a Dalg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:message-id:date:to:from:delivered-to; bh=1OU1XfcjuDzVCb4q7PyTQbYu33879dEUW+vSj0YKT2A=; b=La1fgV2RhEgLtZpQVJq+UxjI9aNQBlKAruxpYIc29REooCLkU9bhRNjUTvsCskqs2C uuoOpQo2B6Qf+vas7jLtCfKgQWuNl//LuCC9Ps9c9zB3ZpAjIvvQZQCK/idTl/JD6E3P pBQTnNSy9rwgfXv57W9yOMClbWObOKrWZiiOjjSat/q+miAr83BFOU66URKsiExNSq2D +5Jjs/MqRio93S7k27tANJqu4wDSB4e01y/DZX5KRaPMB/UIF5TOoW5CItrofUGH0NgC FAF+2cHJSgW+n9bIeljxDUlxKOIghON+4KnYb3RnIqUg7464zb7Hjs1NXzZS5dmu2d2q qvrg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id mi10-20020a1709071a8a00b008af3e0e4396si11657988ejc.672.2023.02.12.16.33.42; Sun, 12 Feb 2023 16:33:42 -0800 (PST) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 8A91F68BDEF; Mon, 13 Feb 2023 02:33:38 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from relay7-d.mail.gandi.net (relay7-d.mail.gandi.net [217.70.183.200]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 572AA68924F for ; Mon, 13 Feb 2023 02:33:32 +0200 (EET) Received: (Authenticated sender: michael@niedermayer.cc) by mail.gandi.net (Postfix) with ESMTPSA id 69C0120002 for ; Mon, 13 Feb 2023 00:33:31 +0000 (UTC) From: Michael Niedermayer To: FFmpeg development discussions and patches Date: Mon, 13 Feb 2023 01:33:30 +0100 Message-Id: <20230213003330.6529-1-michael@niedermayer.cc> X-Mailer: git-send-email 2.17.1 Subject: [FFmpeg-devel] [PATCH] avcodec/vorbisdec: Check codebook float values to be finite X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: O8Ym/sltUPth Fixes: Timeout Fixes: 55116/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-4572159970508800 Signed-off-by: Michael Niedermayer --- libavcodec/vorbisdec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c index dd856a6dfe..93bea12f1d 100644 --- a/libavcodec/vorbisdec.c +++ b/libavcodec/vorbisdec.c @@ -368,6 +368,10 @@ static int vorbis_parse_setup_hdr_codebooks(vorbis_context *vc) unsigned codebook_value_bits = get_bits(gb, 4) + 1; unsigned codebook_sequence_p = get_bits1(gb); + if (!isfinite(codebook_minimum_value) || !isfinite(codebook_delta_value)) { + ret = AVERROR_INVALIDDATA; + goto error; + } ff_dlog(NULL, " We expect %d numbers for building the codevectors. \n", codebook_lookup_values); ff_dlog(NULL, " delta %f minmum %f \n",