Fixes: assertion failure Fixes: 26482/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-4905102324006912 Fixes: 26491/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-6002953141616640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavformat/vividas.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavformat/vividas.c b/libavformat/vividas.c index 4b2801ef34..999c4a5d1c 100644 --- a/libavformat/vividas.c +++ b/libavformat/vividas.c @@ -319,6 +319,8 @@ static int track_header(VividasDemuxContext *viv, AVFormatContext *s, uint8_t * for (i = 0; i < num_video; i++) { AVStream *st = avformat_new_stream(s, NULL); + int num, den; + if (!st) return AVERROR(ENOMEM); @@ -331,8 +333,9 @@ static int track_header(VividasDemuxContext *viv, AVFormatContext *s, uint8_t * off += ffio_read_varlen(pb); avio_r8(pb); // '3' avio_r8(pb); // val_7 - st->time_base.num = avio_rl32(pb); // frame_time - st->time_base.den = avio_rl32(pb); // time_base + num = avio_rl32(pb); // frame_time + den = avio_rl32(pb); // time_base + avpriv_set_pts_info(st, 64, num, den); st->nb_frames = avio_rl32(pb); // n frames st->codecpar->width = avio_rl16(pb); // width st->codecpar->height = avio_rl16(pb); // height -- 2.17.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
