virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-15 14:13:16 +02:00
Code Issues Releases Activity

avcodec/wavarc: Check k

Browse Source 
Fixes: Assertion failure
Fixes: 55849/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-6590105973555200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2023-02-18 23:08:59 +01:00
parent 2df271c78c
commit 4dee46426e
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/wavarc.c
View File

@@ -192,6 +192,8 @@ static int decode_1dif(AVCodecContext *avctx,
if (block_type < 4 && block_type >= 0) { if (block_type < 4 && block_type >= 0) {
k = 1 + (avctx->sample_fmt == AV_SAMPLE_FMT_S16P); k = 1 + (avctx->sample_fmt == AV_SAMPLE_FMT_S16P);
k = get_urice(gb, k) + 1; k = get_urice(gb, k) + 1;
if (k > 32)
return AVERROR_INVALIDDATA;
} }
switch (block_type) { switch (block_type) {
@@ -282,6 +284,8 @@ static int decode_2slp(AVCodecContext *avctx,
if (block_type < 5 && block_type >= 0) { if (block_type < 5 && block_type >= 0) {
k = 1 + (avctx->sample_fmt == AV_SAMPLE_FMT_S16P); k = 1 + (avctx->sample_fmt == AV_SAMPLE_FMT_S16P);
k = get_urice(gb, k) + 1; k = get_urice(gb, k) + 1;
if (k > 32)
return AVERROR_INVALIDDATA;
} }
switch (block_type) { switch (block_type) {