iamf_parse: Layer, thou shalt not be 0

James Almer Mon, 17 Jun 2024 17:34:12 -0700

On 6/16/2024 8:08 PM, Michael Niedermayer wrote:

Fixes: out of array access
Fixes: 
68302/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4665793796177920


Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
  libavformat/iamf_parse.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/iamf_parse.c b/libavformat/iamf_parse.c
index 5c2ff6862a7..12c2b9533a8 100644
--- a/libavformat/iamf_parse.c
+++ b/libavformat/iamf_parse.c
@@ -330,7 +330,7 @@ static int scalable_channel_layout_config(void *s, 
AVIOContext *pb,
      nb_layers = avio_r8(pb) >> 5; // get_bits(&gb, 3);
      // skip_bits(&gb, 5); //reserved

- if (nb_layers > 6)

+    if (nb_layers > 6 || nb_layers == 0)
          return AVERROR_INVALIDDATA;

audio_element->layers = av_calloc(nb_layers, sizeof(*audio_element->layers));


LGMT, but please change the commit message.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 4/9] avformat/iamf_parse: Layer, thou shalt not be 0

Reply via email to