On Wed, Aug 07, 2024 at 03:42:46PM +0200, Kacper Michajłow wrote:
> Can happen after calling avformat_find_stream_info() when the codec
> fails to open, but return value is 0 and subsequent uses of this context
> have zero value in channel number.
>
> Found by OSS-Fuzz.
>
> Signed-off-by: Kacper Michajłow <kaspe...@gmail.com>
> ---
> libavformat/vpk.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/libavformat/vpk.c b/libavformat/vpk.c
> index 001ad33555..aa98ef2dd4 100644
> --- a/libavformat/vpk.c
> +++ b/libavformat/vpk.c
> @@ -86,6 +86,8 @@ static int vpk_read_packet(AVFormatContext *s, AVPacket
> *pkt)
>
> vpk->current_block++;
> if (vpk->current_block == vpk->block_count) {
> + if (par->ch_layout.nb_channels <= 0)
> + return AVERROR_INVALIDDATA;
> unsigned size = vpk->last_block_size / par->ch_layout.nb_channels;
> unsigned skip = (par->block_align - vpk->last_block_size) /
> par->ch_layout.nb_channels;
> uint64_t pos = avio_tell(s->pb);iam not sure if a parser or other should replace a valid set of parameters by an invalid (this patch implies that such a action occured) can you explain more detailedly by what and why channels is set to 0 ? thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Whats the most studid thing your enemy could do ? Blow himself up Whats the most studid thing you could do ? Give up your rights and freedom because your enemy blew himself up.
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
