On 10/5/2021 5:51 PM, Michael Niedermayer wrote:
Fixes: division by 0
Fixes: 39562/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMRWB_fuzzer-5448834960982016
Fixes: 39589/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMRWB_fuzzer-6119205334810624
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
libavcodec/amr_parser.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/amr_parser.c b/libavcodec/amr_parser.c
index 79258d4d0cf..9fb7711fee0 100644
--- a/libavcodec/amr_parser.c
+++ b/libavcodec/amr_parser.c
@@ -62,7 +62,7 @@ static int amr_parse(AVCodecParserContext *s1,
*poutbuf_size = 0;
*poutbuf = NULL;
- if (s1->flags & PARSER_FLAG_COMPLETE_FRAMES) {
+ if (s1->flags & PARSER_FLAG_COMPLETE_FRAMES || !avctx->channels) {
No line in the parser divides by avctx->channels. There's, however, one
doing a modulo by avctx->channels. Wouldn't this mean the compiler is being
overzealous with optimizations?
Also, instead of this please do the same as the decoder, and set
channels to 1 and layout to mono if nothing is already set. Forcing the
"complete frames" path when no channels are set feels like a hacky
workaround.
If the relevant parser flag is not set, then you must not treat packets
as if they contained complete frames.
next = buf_size;
} else {
int ch, offset = 0;
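Review bot: The "|| !avctx->channels" added to the if line makes an unset channel count select the "next = buf_size" branch, so a caller that never set PARSER_FLAG_COMPLETE_FRAMES gets its packets passed through whole instead of split at frame boundaries, and the else branch starting at "int ch, offset = 0;" becomes unreachable for exactly the input the fuzzer produced. Handle the zero case on its own before the branch, for example by defaulting avctx->channels to 1 (and the layout to mono, as the reply says the decoder does), which also guarantees a non-zero divisor for the per-channel arithmetic in the else branch. Two smaller points: "s1->flags & PARSER_FLAG_COMPLETE_FRAMES || !avctx->channels" is correct under C precedence but reads more clearly with parentheses around the "&" test; and the commit message says "division by 0" while the hunk shows only the guard, so naming the expression in the else branch that divides or takes a modulo by avctx->channels would make the fix reviewable from the diff alone.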
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
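To make the difference between the two approaches in this thread concrete, here is an added example written for the reply's point; it is not libavcodec/amr_parser.c and not code from the patch author or the FFmpeg project. The frame-size table (taken from RFC 4867 storage format, with types 10-15 treated as TOC-only), the TOC byte layout, the PARSER_FLAG_COMPLETE_FRAMES value, the Ctx/State structs, the frames_seen modulo and the helper names are all assumptions made for the illustration. The first variant mirrors what the hunk does (force the complete-frames path when channels is unset); the second does what the reply asks for (default to mono before the branch). Both are run on a constructed two-frame buffer with no channel count and no flag set, which is the fuzzer's situation.

```c
/* Simplified stand-in for an AMR-WB parser, written for this thread as an
 * illustration. It is NOT libavcodec/amr_parser.c; all names, the frame-size
 * table, the TOC layout and the flag value are assumptions for the example. */
#include <stdint.h>
#include <stddef.h>

#define PARSER_FLAG_COMPLETE_FRAMES 0x0001   /* assumed value */

/* AMR-WB storage-format frame sizes in bytes, TOC byte included, indexed by
 * the 4-bit frame type (FT) of the TOC byte. Assumed from RFC 4867; frame
 * types 10-15 are treated as TOC-only (1 byte) here. */
static const uint8_t amrwb_frame_size[16] = {
    18, 24, 33, 37, 41, 47, 51, 59, 61, 6, 1, 1, 1, 1, 1, 1
};

typedef struct {
    int channels;   /* stands in for avctx->channels; 0 means "not set" */
    int flags;      /* stands in for s1->flags */
} Ctx;

typedef struct {
    uint32_t frames_seen;   /* frames consumed so far, across all channels */
} State;

static int toc_frame_size(uint8_t toc)
{
    return amrwb_frame_size[(toc >> 3) & 0x0f];   /* FT field of the TOC byte */
}

/* Core loop shared by both variants: consume one frame per channel, starting
 * at the channel that st->frames_seen % channels selects, and return the bytes
 * used, or 0 when the buffer does not hold a full frame group.
 * `channels` must be > 0: the modulo below is the kind of operation that a
 * zero channel count turns into undefined behaviour. */
static int parse_frame_group(State *st, int channels, const uint8_t *buf, int len)
{
    int offset = 0;
    int ch = (int)(st->frames_seen % (uint32_t)channels);
    for (; ch < channels; ch++) {
        if (offset >= len)
            return 0;                       /* need more data */
        int size = toc_frame_size(buf[offset]);
        if (offset + size > len)
            return 0;                       /* frame straddles the buffer end */
        offset += size;
        st->frames_seen++;
    }
    return offset;
}

/* Variant A: what the posted hunk does. An unset channel count is folded into
 * the "complete frames" condition, so the whole buffer is handed through as a
 * single packet even though the caller never declared complete frames. */
int amr_parse_force_complete(Ctx *ctx, State *st, const uint8_t *buf, int len)
{
    if ((ctx->flags & PARSER_FLAG_COMPLETE_FRAMES) || !ctx->channels)
        return len;
    return parse_frame_group(st, ctx->channels, buf, len);
}

/* Variant B: what the reply asks for. An unset channel count is defaulted to
 * mono before the branch (a real implementation would set the channel layout
 * alongside), so the frame-splitting path stays reachable and the modulo
 * always has a non-zero divisor. */
int amr_parse_default_mono(Ctx *ctx, State *st, const uint8_t *buf, int len)
{
    if (!ctx->channels)
        ctx->channels = 1;
    if (ctx->flags & PARSER_FLAG_COMPLETE_FRAMES)
        return len;
    return parse_frame_group(st, ctx->channels, buf, len);
}

/* Constructed input: two AMR-WB frame-type-0 (6.60 kbit/s) frames back to
 * back, 18 bytes each. TOC byte 0x04 = FT 0 with the Q bit set; the payload
 * bytes are zero because only the framing matters here. */
static const uint8_t sample_two_frames[36] = { [0] = 0x04, [18] = 0x04 };

/* Run one variant over the sample with the given channel count and flags and
 * return the number of bytes the parser reports as one packet. */
int run_sample(int (*parse)(Ctx *, State *, const uint8_t *, int),
               int channels, int flags)
{
    Ctx ctx = { .channels = channels, .flags = flags };
    State st = { 0 };
    return parse(&ctx, &st, sample_two_frames, (int)sizeof sample_two_frames);
}
```

With channels unset and no flag, the hunk-style variant returns all 36 bytes as one packet (two frames glued together), while the default-to-mono variant returns the first 18-byte frame and leaves the second for the next call; with an explicit stereo count both agree that the 36 bytes form one frame group, and a three-channel count correctly reports that more data is needed. Neither variant ever evaluates the modulo with a zero divisor.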