[FFmpeg-devel] [PATCH 1/2] avformat/avr: Check sample rate

Tue Aug 1 13:55:49 EEST 2023

Michael Niedermayer:
> Fixes: 54979/clusterfuzz-testcase-minimized-ffmpeg_dem_AVR_fuzzer-6681035461230592
> Fixes: Timeout
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
>  libavformat/avr.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/libavformat/avr.c b/libavformat/avr.c
> index 1cc4d56bfb..3fe8614b25 100644
> --- a/libavformat/avr.c
> +++ b/libavformat/avr.c
> @@ -75,6 +75,9 @@ static int avr_read_header(AVFormatContext *s)
>      avio_skip(s->pb, 20);
>      avio_skip(s->pb, 64);
>  
> +    if (st->codecpar->sample_rate == 0)
> +        return AVERROR_INVALIDDATA;
> +
>      st->codecpar->codec_id = ff_get_pcm_codec_id(bps, 0, 1, sign);
>      if (st->codecpar->codec_id == AV_CODEC_ID_NONE) {
>          avpriv_request_sample(s, "Bps %d and sign %d", bps, sign);

Why don't you check this directly after having read the sample rate?
That way the value would still be in a register.

- Andreas