[FFmpeg-devel] [PATCH 2/2] avcodec/wavpack: Prevent frame format from being wrong

Michael Niedermayer michael at niedermayer.cc
Fri Mar 20 22:50:18 EET 2020


On Fri, Mar 20, 2020 at 10:18:49AM +0100, Anton Khirnov wrote:
> Quoting Michael Niedermayer (2020-03-20 01:03:36)
> > Fixes: out of array access
> > Fixes: 21193/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5125168956702720
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> >  libavcodec/wavpack.c | 1 +
> >  1 file changed, 1 insertion(+)
> > 
> > diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
> > index b27262b94e..e9c870e41e 100644
> > --- a/libavcodec/wavpack.c
> > +++ b/libavcodec/wavpack.c
> > @@ -1488,6 +1488,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no,
> >  
> >          /* get output buffer */
> >          wc->curr_frame.f->nb_samples = s->samples;
> > +        wc->curr_frame.f->format     = avctx->sample_fmt;
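Review bot: the assignment relies on avctx->sample_fmt already holding this block's format by the time the output buffer is requested, and neither the hunk nor the commit message says why the frame field can be wrong in the first place (curr_frame.f being reused across blocks and keeping the previous block's format, which the buffer allocation then does not override, as the reply below explains); put that rationale in the commit message, since a one-line field copy does not make it obvious. Resetting the field to AV_SAMPLE_FMT_NONE before the buffer is requested, so the frame is filled from avctx the same way a fresh frame is, would be the more self-explanatory variant.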
> 
> How does this have any effect? curr_frame.f should now be clean and get
> initialized from avctx->sample_fmt.

IIRC the format changes between frames, so the struct is still set to the one
from the previous frame, and that overrides the use of the avctx value.

Setting it to NONE (here or somewhere else) should work too.

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

No human being will ever know the Truth, for even if they happen to say it
by chance, they would not even know they had done so. -- Xenophanes
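To make the mechanism discussed in this thread concrete, the following is an added example, not code from FFmpeg or from the patch above. It models a decoder that reuses one frame across blocks whose sample format changes, with a buffer allocator that takes the avctx format only when the frame's own format is unset (an assumption mirroring the reply above, not a copy of ff_get_buffer). The enum values, struct names and the helper `run_sequence` are constructed for the example. Without the fix, the second block is allocated for the previous block's 16-bit samples but would write 32-bit samples; the example detects that overrun instead of performing it. Both the patch's variant (copy the format from avctx) and the reply's alternative (reset the field to NONE) are shown.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for AVSampleFormat; a negative value means "unset",
 * like AV_SAMPLE_FMT_NONE. This is an assumption for the example, not FFmpeg's enum. */
enum sample_fmt { FMT_NONE = -1, FMT_S16 = 0, FMT_S32 = 1, FMT_FLT = 2 };

static size_t bytes_per_sample(enum sample_fmt f)
{
    switch (f) {
    case FMT_S16: return 2;
    case FMT_S32: return 4;
    case FMT_FLT: return 4;
    default:      return 0;
    }
}

/* Minimal models of the codec context and of the frame the decoder reuses. */
struct codec_ctx { enum sample_fmt sample_fmt; int channels; };
struct frame {
    enum sample_fmt format;  /* persists across blocks unless the decoder resets it */
    int      nb_samples;
    size_t   buf_size;       /* bytes actually allocated */
    uint8_t *data;
};

/* Model of get_buffer(): the context format is used only when the frame's own
 * format is unset (assumption, mirroring what the reply above describes). */
static int get_buffer(const struct codec_ctx *c, struct frame *f)
{
    if (f->format < 0)
        f->format = c->sample_fmt;
    size_t need = (size_t)f->nb_samples * (size_t)c->channels * bytes_per_sample(f->format);
    uint8_t *p = realloc(f->data, need);
    if (!p)
        return -1;
    f->data = p;
    f->buf_size = need;
    return 0;
}

enum fix_mode { MODE_STALE = 0, MODE_SET_FROM_CTX = 1, MODE_RESET_TO_NONE = 2 };

/* Decode one block whose stream format is block_fmt. Returns 0 on success,
 * -1 on allocation failure, -2 when the sample write would exceed the buffer
 * (the out-of-array access the patch fixes; detected here, not performed). */
static int decode_block(struct codec_ctx *c, struct frame *f,
                        enum sample_fmt block_fmt, int nb_samples, enum fix_mode mode)
{
    c->sample_fmt = block_fmt;          /* the block header decides the format */
    f->nb_samples = nb_samples;
    if (mode == MODE_SET_FROM_CTX)
        f->format = c->sample_fmt;      /* the line the patch adds */
    else if (mode == MODE_RESET_TO_NONE)
        f->format = FMT_NONE;           /* the alternative the reply mentions */
    if (get_buffer(c, f) < 0)
        return -1;

    size_t to_write = (size_t)nb_samples * (size_t)c->channels * bytes_per_sample(c->sample_fmt);
    if (to_write > f->buf_size)
        return -2;                      /* stale format: buffer too small for this block */
    memset(f->data, 0, to_write);       /* stand-in for writing the decoded samples */
    return 0;
}

/* Two consecutive blocks with different formats, reusing one frame.
 * Returns the result of the second block (0 = fits, -2 = would overrun). */
int run_sequence(enum fix_mode mode)
{
    struct codec_ctx c = { FMT_NONE, 2 };
    struct frame f = { FMT_NONE, 0, 0, NULL };
    int r = decode_block(&c, &f, FMT_S16, 1024, mode);
    if (r == 0)
        r = decode_block(&c, &f, FMT_S32, 1024, mode);  /* frame still says S16 unless fixed */
    free(f.data);
    return r;
}

int main(void)
{
    printf("stale format:     %d\n", run_sequence(MODE_STALE));
    printf("copy from avctx:  %d\n", run_sequence(MODE_SET_FROM_CTX));
    printf("reset to NONE:    %d\n", run_sequence(MODE_RESET_TO_NONE));
    return 0;
}
```

The stale case allocates 1024 * 2 channels * 2 bytes for the first block and keeps that size for the second, which needs twice as much; either fix makes the allocation follow the current block's format. The check in `decode_block` is what a real decoder lacks, which is why the fuzzer found the bug as a memory error rather than an error return.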