From 50340a1a0779e584bd854d64575a496a19670f70 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Wed, 23 Oct 2019 19:41:27 +0200
Subject: [PATCH] avcodec/cook: Check samples_per_channel earlier
Fixes: division by zero
Fixes: 18362/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5653727679086592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 57750bb629a145326e20b8760f21f1041464a937)
Signed-off-by: Michael Niedermayer
---
 libavcodec/cook.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/libavcodec/cook.c b/libavcodec/cook.c
index 53cb83852e..f8d401e6ae 100644
--- a/libavcodec/cook.c
+++ b/libavcodec/cook.c
@@ -1217,6 +1217,15 @@ static av_cold int cook_decode_init(AVCodecContext *avctx)
 return AVERROR_PATCHWELCOME;
 }
 }
+
+ /* Try to catch some obviously faulty streams, otherwise it might be exploitable */
+ if (q->samples_per_channel != 256 && q->samples_per_channel != 512 &&
+ q->samples_per_channel != 1024) {
+ avpriv_request_sample(avctx, "samples_per_channel = %d",
+ q->samples_per_channel);
+ return AVERROR_PATCHWELCOME;
+ }
+
 /* Generate tables */
 init_pow2table();
 init_gain_table(q);
@@ -1252,14 +1261,6 @@ static av_cold int cook_decode_init(AVCodecContext *avctx)
 q->saturate_output = saturate_output_float;
 }
- /* Try to catch some obviously faulty streams, otherwise it might be exploitable */
- if (q->samples_per_channel != 256 && q->samples_per_channel != 512 &&
- q->samples_per_channel != 1024) {
- avpriv_request_sample(avctx, "samples_per_channel = %d",
- q->samples_per_channel);
- return AVERROR_PATCHWELCOME;
- }
-
 avctx->sample_fmt = AV_SAMPLE_FMT_FLTP;
 if (channel_mask)
 avctx->channel_layout = channel_mask;
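Review bot: The comment carried along with the relocated `samples_per_channel` check (first hunk, just above `/* Generate tables */`) still only says "Try to catch some obviously faulty streams", although after this move the position of the check is the security-relevant property: going by the commit message, an unsupported value must be rejected before the setup code that follows, or it reaches a division by zero (which later init step divides is not visible in the hunk). I would state that in the comment so a later cleanup does not move the block back down, e.g. `/* Must stay ahead of the table/transform setup below: only 256, 512 and 1024 are supported, and other values previously led to a division by zero. */`. It would also be worth confirming that nothing set up earlier in cook_decode_init is left unreleased by this new early `return AVERROR_PATCHWELCOME;`; the function starts and ends outside the hunk, so that cannot be judged from here.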