[FFmpeg-devel] [PATCH 03/12] avcodec/fitsdec: Prevent division by 0 with huge data_max
Paul B Mahol
onemda at gmail.com
Thu Sep 26 10:52:48 EEST 2019
lgtm
On 9/25/19, Michael Niedermayer <michael at niedermayer.cc> wrote:
> Fixes: division by 0
> Fixes:
> 15657/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5738154838982656
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavcodec/fitsdec.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/libavcodec/fitsdec.c b/libavcodec/fitsdec.c
> index 4f452422ef..88b841a964 100644
> --- a/libavcodec/fitsdec.c
> +++ b/libavcodec/fitsdec.c
> @@ -195,6 +195,7 @@ static int fits_decode_frame(AVCodecContext *avctx, void
> *data, int *got_frame,
> uint8_t *dst8;
> uint16_t *dst16;
> uint64_t t;
> + double scale;
> FITSHeader header;
> FITSContext * fitsctx = avctx->priv_data;
>
> @@ -204,6 +205,12 @@ static int fits_decode_frame(AVCodecContext *avctx,
> void *data, int *got_frame,
> if (ret < 0)
> return ret;
>
> + scale = header.data_max - header.data_min;
> + if (scale <= 0 || !isfinite(scale)) {
> + scale = 1;
> + }
> + scale = 1/scale;
> +
> if (header.rgb) {
> if (header.bitpix == 8) {
> if (header.naxisn[2] == 3) {
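Review bot: The guard ahead of `scale = 1/scale;` tests the difference but not the reciprocal. If `header.data_min` and `header.data_max` are doubles, a tiny positive difference in the subnormal range passes `scale <= 0 || !isfinite(scale)` and `1/scale` then overflows to infinity. Taking the reciprocal first and testing `isfinite()` on that result would cover this case as well. The `scale = 1` fallback also silently accepts a header where data_max is not above data_min; a warning log or an error return would make the malformed input visible. The braces around the single-statement body can be dropped.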
> @@ -272,7 +279,7 @@ static int fits_decode_frame(AVCodecContext *avctx, void
> *data, int *got_frame,
> for (j = 0; j < avctx->width; j++) { \
> t = rd; \
> if (!header.blank_found || t != header.blank) { \
> - *dst++ = ((t - header.data_min) * ((1 << (sizeof(type)
> * 8)) - 1)) / (header.data_max - header.data_min); \
> + *dst++ = ((t - header.data_min) * ((1 << (sizeof(type)
> * 8)) - 1)) * scale; \
> } else { \
> *dst++ = fitsctx->blank_val; \
> } \
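Review bot: Nothing on the new `*dst++ =` line bounds the product before it is stored through `dst`. With the `scale = 1` fallback, or with a sample `t` outside the data_min..data_max range, `(t - header.data_min) * ((1 << (sizeof(type) * 8)) - 1) * scale` is a double that can fall outside what `type` holds, and converting an out-of-range floating-point value to an integer type is undefined behavior in C. Clamping the result to the range 0 to `(1 << (sizeof(type) * 8)) - 1` before the store would keep the output well defined for any header values.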
> --
> 2.23.0