[FFmpeg-devel] [PATCH] avformat/vpk: fix divide by zero
Michael Niedermayer
michael at niedermayer.cc
Fri Aug 9 23:42:32 EEST 2024
On Wed, Aug 07, 2024 at 03:42:46PM +0200, Kacper Michajłow wrote:
> Can happen after calling avformat_find_stream_info() when the codec
> fails to open, but return value is 0 and subsequent uses of this context
> have zero value in channel number.
>
> Found by OSS-Fuzz.
>
> Signed-off-by: Kacper Michajłow <kasper93 at gmail.com>
> ---
> libavformat/vpk.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/libavformat/vpk.c b/libavformat/vpk.c
> index 001ad33555..aa98ef2dd4 100644
> --- a/libavformat/vpk.c
> +++ b/libavformat/vpk.c
> @@ -86,6 +86,8 @@ static int vpk_read_packet(AVFormatContext *s, AVPacket *pkt)
>
> vpk->current_block++;
> if (vpk->current_block == vpk->block_count) {
> + if (par->ch_layout.nb_channels <= 0)
> + return AVERROR_INVALIDDATA;
> unsigned size = vpk->last_block_size / par->ch_layout.nb_channels;
> unsigned skip = (par->block_align - vpk->last_block_size) / par->ch_layout.nb_channels;
> uint64_t pos = avio_tell(s->pb);
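Review bot: In the `vpk->current_block == vpk->block_count` branch, the new `if (par->ch_layout.nb_channels <= 0)` check sits ahead of the `unsigned size` and `unsigned skip` declarations, so those declarations now follow a statement. Consider declaring the variables first and assigning them after the check, or moving the check above the branch. The guard also covers only this last-block path and runs after `vpk->current_block++`, so a rejected call still leaves the block counter advanced. Checking the channel count before the increment would return the error without changing demuxer state.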
I am not sure if a parser or other should replace a valid set of
parameters by an invalid
(this patch implies that such an action occurred)
can you explain in more detail by what and why channels is set to 0?
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
What's the most stupid thing your enemy could do? Blow himself up
What's the most stupid thing you could do? Give up your rights and
freedom because your enemy blew himself up.