Michael Niedermayer: > Fixes: shift exponent -1 is negative > Fixes: > 26107/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGX_fuzzer-5378790047612928 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > --- > libavcodec/pgxdec.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/libavcodec/pgxdec.c b/libavcodec/pgxdec.c > index 150f8bbf66..5c735894ab 100644 > --- a/libavcodec/pgxdec.c > +++ b/libavcodec/pgxdec.c > @@ -133,14 +133,14 @@ static int pgx_decode_frame(AVCodecContext *avctx, void > *data, > if ((ret = ff_set_dimensions(avctx, width, height)) < 0) > return ret; > > - if (depth <= 8) { > + if (depth > 0 && depth <= 8) { > avctx->pix_fmt = AV_PIX_FMT_GRAY8; > bpp = 8; > - } else if (depth <= 16) { > + } else if (depth > 0 && depth <= 16) { > avctx->pix_fmt = AV_PIX_FMT_GRAY16; > bpp = 16; > } else { > - av_log(avctx, AV_LOG_ERROR, "Maximum depth of 16 bits supported.\n"); > + av_log(avctx, AV_LOG_ERROR, "depth %d is invalid or unsupported.\n", > depth); > return AVERROR_PATCHWELCOME; > } > if (bytestream2_get_bytes_left(&g) < width * height * (bpp >> 3)) > I presume the parsed depth to be zero in your testcase. Said number comes from pgx_get_number() which is only used to parse values for which a value of zero makes no sense. Wouldn't it make more sense to error out there if the number is zero?
- Andreas _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
