From patchwork Wed Aug  2 12:14:10 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: kobrineli <kobrineli@ispras.ru>
X-Patchwork-Id: 43091
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:c11f:b0:130:ccc6:6c4b with SMTP id
 bh31csp605680pzb;
        Wed, 2 Aug 2023 05:14:25 -0700 (PDT)
X-Google-Smtp-Source: 
 APBJJlF9TFF45JTqR4uecEOOAwEjeXWPoylTvWrAV5RRlhBDF1bEdWBexAHAat38c9mH93pCWE8J
X-Received: by 2002:a17:907:7899:b0:99b:d4f5:a518 with SMTP id
 ku25-20020a170907789900b0099bd4f5a518mr5266321ejc.13.1690978465540;
        Wed, 02 Aug 2023 05:14:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1690978465; cv=none;
        d=google.com; s=arc-20160816;
        b=C5MnRo1M8R6baXN5hjUyCb7y5NYCBS8vsOeAAmboqhayTGUW6OD7gwq1w2vbF/865C
         v0+yt0B/7r5l9JgK5UQ2IWA3AEdC7gaglsiiJZg2GGrXYRIv0wQRAy7IhjUV+QdFlTf2
         AQ0uV7uZQBQbgoLizoGxVz/liHRGL/Ads0nQhdHPKHjse0mhcopEqKSQpoGfffxnCX/H
         rQ5kXTaRA7Pse5KJl61b577aKwK0+yij61uFq2/MTnbSg0YUZUAaX9539R4PvPt1RqFj
         j05zOnWyfLCL65UFrUmgK2lSjtOJvDqScqvkdhddfQq50HRj6Q3eD/sf7R5rKNgKsrEc
         noTQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:cc:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:libswresample:mime-version:message-id
         :date:to:from:dkim-signature:dkim-filter:delivered-to;
        bh=U/2Eg3lcJCmpCH6Tc64+RNa/fRSpWKxhOp2m0bEwum4=;
        fh=ibdlRJL7hPsX7vyGZAgmrkUlV+OlDJERNwSvIOcS0Zs=;
        b=l0OLXY36cYPTdbfmStSJoQcxEU10XQBUejzWVaZr701D4GAfsqe4wHR2iXhOwFKwdG
         Bdmat5rOfjtb3xud3x7paYJZab2yBtROPlQlzDP04CaCDbevNoqobCjun24s3n05lH6o
         ZTjotBHVhFd4Md//h7+Y8vELeLlU1O2t1C/pDm1dofTs+PPkSh3iUbGtPBhTrtIZ+eLa
         tM+zu//IIxW51BheES8rqhI+yCb0slAHTe0I5eOv6DnCjaZwqlMiuLdH5q9XjAxDTmpu
         J9ItunrKAacafGjJ5TquosXJjwWiLlwP16wx0LOeUytQJ2zQXJC8BH5+0zKJMuTG83tL
         7NZg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@ispras.ru
 header.s=default header.b=qZE7cPgM;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ispras.ru
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 j25-20020a170906255900b00997e71d036csi7430207ejb.678.2023.08.02.05.14.25;
        Wed, 02 Aug 2023 05:14:25 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@ispras.ru
 header.s=default header.b=qZE7cPgM;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ispras.ru
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 26AAF6802C1;
	Wed,  2 Aug 2023 15:14:22 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail.ispras.ru (mail.ispras.ru [83.149.199.84])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 8562F6802C1
 for <ffmpeg-devel@ffmpeg.org>; Wed,  2 Aug 2023 15:14:15 +0300 (EEST)
Received: from madara.intra.ispras.ru (unknown [10.10.34.59])
 by mail.ispras.ru (Postfix) with ESMTPSA id A966940F1DE3;
 Wed,  2 Aug 2023 12:14:14 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.ispras.ru A966940F1DE3
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ispras.ru;
 s=default; t=1690978454;
 bh=TEaDgSO9qDJHAt25HguNpI0YnVfxqp8OhxhV6Lw5wqg=;
 h=From:To:Cc:Subject:Date:From;
 b=qZE7cPgMixhBsuUB4qZQD5MpreBb9r7PH6q9sBnP6KZrJxCU6rOMG+MyZQeDqx4Ru
 6xIKCZXtRETaWkM5j97/UAX6qU3Bxyb26dmPg+jwqXPw/WPVJRthbCxmoV+JDS4PWy
 XLdgrH/SS2MeeG4xhoZeKEiwcSMNG4th5tVmonHI=
From: kobrineli <kobrineli@ispras.ru>
To: ffmpeg-devel@ffmpeg.org
Date: Wed,  2 Aug 2023 15:14:10 +0300
Message-Id: <20230802121410.1141794-1-kobrineli@ispras.ru>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
libswresample: Prevent out of bounds
Subject: [FFmpeg-devel] [PATCH] libswresample: Prevent out of bounds.
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Eli Kobrin <kobrineli@ispras.ru>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: fwKzE3HijWQI

From: Eli Kobrin <kobrineli@ispras.ru>

We've been fuzzing torchvision with [sydr-fuzz](https://github.com/ispras/oss-sydr-fuzz)
and found out of bounds error in ffmpeg project at audioconvert.c:151.
To prevent error we need to fix checks for in and out fmt in swr_init.

Signed-off-by: Eli Kobrin <kobrineli@ispras.ru>
---
 libswresample/swresample.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libswresample/swresample.c b/libswresample/swresample.c
index 6dc329a9d0..fb3d7bccbf 100644
--- a/libswresample/swresample.c
+++ b/libswresample/swresample.c
@@ -196,11 +196,11 @@ av_cold int swr_init(struct SwrContext *s){
 
     clear_context(s);
 
-    if(s-> in_sample_fmt >= AV_SAMPLE_FMT_NB){
+    if((unsigned) s-> in_sample_fmt >= AV_SAMPLE_FMT_NB){
         av_log(s, AV_LOG_ERROR, "Requested input sample format %d is invalid\n", s->in_sample_fmt);
         return AVERROR(EINVAL);
     }
-    if(s->out_sample_fmt >= AV_SAMPLE_FMT_NB){
+    if((unsigned) s->out_sample_fmt >= AV_SAMPLE_FMT_NB){
         av_log(s, AV_LOG_ERROR, "Requested output sample format %d is invalid\n", s->out_sample_fmt);
         return AVERROR(EINVAL);
     }