From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Thu, 21 Sep 2023 20:09:07 +0200
Message-Id: <20230921180912.10733-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 1/6] avcodec/osq: Check that pkt_offset does not exceed pkt size

Fixes: out of array access
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6227491892887552
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6268561729126400
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6414805046788096
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6538151088488448
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6608131540779008

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavcodec/osq.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/osq.c b/libavcodec/osq.c index e7f11691d2e..bcc75fef6fc 100644 --- a/libavcodec/osq.c +++ b/libavcodec/osq.c
@@ -408,6 +408,9 @@ static int osq_receive_frame(AVCodecContext *avctx, AVFrame *frame) GetBitContext *gb = &s->gb; int ret, n; + if (s->pkt_offset > s->pkt->size) + s->pkt_offset = 0; + while (s->bitstream_size < s->max_framesize) { int size;

From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Thu, 21 Sep 2023 20:09:08 +0200
Message-Id: <20230921180912.10733-2-michael@niedermayer.cc>
In-Reply-To: <20230921180912.10733-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 2/6] avcodec/wavarc: Fix integer overflow in do_stereo()

Fixes: signed integer overflow: 148676193 - -2006512262 cannot be represented in type 'int'
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-5963163952349184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavcodec/wavarc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/wavarc.c b/libavcodec/wavarc.c index b954e8800cd..48c673fdea4 100644 --- a/libavcodec/wavarc.c +++ b/libavcodec/wavarc.c
@@ -154,11 +154,11 @@ static void do_stereo(WavArcContext *s, int ch, int correlated, int len) } else { if (correlated) { for (int n = 0; n < nb_samples; n++) - s->samples[1][n + len] += s->samples[0][n + len]; + s->samples[1][n + len] += (unsigned)s->samples[0][n + len]; } for (int n = 0; n < len; n++) { s->pred[0][n] = s->samples[1][nb_samples + n]; - s->pred[1][n] = s->pred[0][n] - s->samples[0][nb_samples + n]; + s->pred[1][n] = s->pred[0][n] - (unsigned)s->samples[0][nb_samples + n]; } } }

From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Thu, 21 Sep 2023 20:09:09 +0200
Message-Id: <20230921180912.10733-3-michael@niedermayer.cc>
In-Reply-To: <20230921180912.10733-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 3/6] avcodec/wavarc: Allocate AV_INPUT_BUFFER_PADDING_SIZE

Fixes: overread
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-5963163952349184
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-6048030137909248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavcodec/wavarc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/wavarc.c b/libavcodec/wavarc.c index 48c673fdea4..9ba95143b8a 100644 --- a/libavcodec/wavarc.c +++ b/libavcodec/wavarc.c
@@ -111,7 +111,7 @@ static av_cold int wavarc_init(AVCodecContext *avctx) } s->max_framesize = s->nb_samples * 16; - s->bitstream = av_calloc(s->max_framesize, sizeof(*s->bitstream)); + s->bitstream = av_calloc(s->max_framesize + AV_INPUT_BUFFER_PADDING_SIZE, sizeof(*s->bitstream)); if (!s->bitstream) return AVERROR(ENOMEM);

From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Thu, 21 Sep 2023 20:09:10 +0200
Message-Id: <20230921180912.10733-4-michael@niedermayer.cc>
In-Reply-To: <20230921180912.10733-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 4/6] avcodec/wavarc: Check k in decode_5elp()

regression since 18b2ecc24778140c2bc798ed64842dc8feb6dc3a

Fixes: assertion failure
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-6280165808013312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavcodec/wavarc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/wavarc.c b/libavcodec/wavarc.c index 9ba95143b8a..a9d98f0c55e 100644 --- a/libavcodec/wavarc.c +++ b/libavcodec/wavarc.c
@@ -539,6 +539,8 @@ static int decode_5elp(AVCodecContext *avctx, if (block_type >= 0 && block_type <= 7) { k = 1 + (avctx->sample_fmt == AV_SAMPLE_FMT_S16P); k = get_urice(gb, k) + 1; + if (k >= 32) + return AVERROR_INVALIDDATA; } if (block_type <= 2 || block_type == 6 || block_type == 13 ||

From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Thu, 21 Sep 2023 20:09:11 +0200
Message-Id: <20230921180912.10733-5-michael@niedermayer.cc>
In-Reply-To: <20230921180912.10733-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 5/6] avcodec/jpegxl_parse: Cleanup on error in read_vlc_prefix()

Fixes: leak
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6167847715602432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavcodec/jpegxl_parser.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/jpegxl_parser.c b/libavcodec/jpegxl_parser.c index 6656ed35c51..17e87d5cc34 100644 --- a/libavcodec/jpegxl_parser.c +++ b/libavcodec/jpegxl_parser.c
@@ -777,8 +777,10 @@ static int read_vlc_prefix(GetBitContext *gb, JXLEntropyDecoder *dec, JXLSymbolD } } - if (total_code != 32768 && level2_codecounts[0] < dist->alphabet_size - 1) - return AVERROR_INVALIDDATA; + if (total_code != 32768 && level2_codecounts[0] < dist->alphabet_size - 1) { + ret = AVERROR_INVALIDDATA; + goto end; + } for (int i = 1; i < dist->alphabet_size + 1; i++) level2_codecounts[i] += level2_codecounts[i - 1];

From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Thu, 21 Sep 2023 20:09:12 +0200
Message-Id: <20230921180912.10733-6-michael@niedermayer.cc>
In-Reply-To: <20230921180912.10733-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 6/6] avformat/mov: Check avif_info

Fixes: leak
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6674082962997248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavformat/mov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 93c1f9e929a..52939a373ec 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -7767,7 +7767,7 @@ static int mov_read_iloc(MOVContext *c, AVIOContext *pb, MOVAtom atom) return 0; } - if (c->fc->nb_streams) { + if (c->fc->nb_streams || c->avif_info) { av_log(c->fc, AV_LOG_INFO, "Duplicate iloc box found\n"); return 0; }
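
Review bot: in osq_receive_frame() (patch 1/6, libavcodec/osq.c), resetting `s->pkt_offset` to 0 when it exceeds `s->pkt->size` hides the stale offset rather than rejecting it, and the hunk does not show which path leaves the offset pointing past the current packet. Consider clearing pkt_offset at the point where s->pkt is replaced or unreferenced, or at least add a comment on the new check naming that path, so a reader can tell why restarting from offset 0 is the right recovery and not AVERROR_INVALIDDATA.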
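
Review bot: in do_stereo() (patch 2/6, libavcodec/wavarc.c), both `(unsigned)` casts make the add and subtract wrap and then rely on the out-of-range result being converted back when it is stored into `s->samples[1]` and `s->pred[1]`; a one-line comment that wraparound is intended for damaged streams would keep the cast from being removed as noise later. The hunk only covers the `else` branch, so the branch above it is worth checking for the same uncast arithmetic on `s->samples`.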
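
Review bot: in wavarc_init() (patch 3/6, libavcodec/wavarc.c), the count passed to av_calloc() is now `s->max_framesize + AV_INPUT_BUFFER_PADDING_SIZE`, derived from `s->nb_samples * 16` on the line above, and nothing visible in the hunk bounds nb_samples; please confirm it is range-checked earlier so neither the multiply nor the added padding can overflow. The padding also only prevents the overread if the code that fills s->bitstream never writes beyond max_framesize, so the trailing bytes stay zeroed.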
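
Review bot: in decode_5elp() (patch 4/6, libavcodec/wavarc.c), the limit in `if (k >= 32)` is a bare constant and the commit message only says "assertion failure"; a comment naming the consumer of k that asserts on it, and why 32 is the bound, would make the check reviewable. If other block decoders in wavarc.c derive k from get_urice() the same way, they likely need the same check.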
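
Review bot: in read_vlc_prefix() (patch 5/6, libavcodec/jpegxl_parser.c), only this one `return AVERROR_INVALIDDATA` is converted to `goto end`; any other direct return between the allocation and the `end:` label would leak the same way, so the whole function is worth auditing in this patch. Minor: the subject prefix reads avcodec/jpegxl_parse while the file touched is libavcodec/jpegxl_parser.c.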
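
Review bot: in mov_read_iloc() (patch 6/6, libavformat/mov.c), the commit message says "Fixes: leak" without saying what leaks; from the new `|| c->avif_info` test it looks like a second iloc box arriving before any stream exists used to get past the old `c->fc->nb_streams` check, and one sentence stating that would help. Also check that c->avif_info is freed and cleared if the first iloc parse fails part-way, otherwise a later valid box is now skipped as "Duplicate iloc box found".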