[FFmpeg-devel] [PATCH 2/8] avcodec/hcadec: Check sample_rate

Andreas Rheinhardt andreas.rheinhardt at outlook.com
Fri Jun 20 11:45:46 EEST 2025 

Michael Niedermayer:
> Fixes: AVERROR_BUG return
> Fixes: 413997604/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HCA_fuzzer-5188382613635072
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
>  libavcodec/hcadec.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/libavcodec/hcadec.c b/libavcodec/hcadec.c
> index 7780372cf3f..161044bfbcc 100644
> --- a/libavcodec/hcadec.c
> +++ b/libavcodec/hcadec.c
> @@ -179,6 +179,9 @@ static void ath_init1(uint8_t *ath, int sample_rate)
>  
>  static int ath_init(uint8_t *ath, int type, int sample_rate)
>  {
> +    if (sample_rate <= 0)
> +        return AVERROR_INVALIDDATA;
> +
>      switch (type) {
>      case 0:
>          /* nothing to do */

The sample rate used here comes from avctx->sample_rate, so why do you
want to check this here instead of checking it generically for all audio
decoders without AV_CODEC_CAP_CHANNEL_CONF like this:

diff --git a/libavcodec/avcodec.c b/libavcodec/avcodec.c
index 7bcb0295e5..0ad39b4d91 100644
--- a/libavcodec/avcodec.c
+++ b/libavcodec/avcodec.c
@@ -254,7 +254,11 @@ int attribute_align_arg
avcodec_open2(AVCodecContext *avctx, const AVCodec *code
         }
     }

-    if (avctx->sample_rate < 0) {
+    /* AV_CODEC_CAP_CHANNEL_CONF is a decoder-only flag; so the code below
+     * in particular checks that sample_rate is set for all audio
encoders. */
+    if (avctx->sample_rate < 0 ||
+        avctx->sample_rate == 0 && avctx->codec_type ==
AVMEDIA_TYPE_AUDIO &&
+        !(codec->capabilities & AV_CODEC_CAP_CHANNEL_CONF)) {
         av_log(avctx, AV_LOG_ERROR, "Invalid sample rate: %d\n",
avctx->sample_rate);
         ret = AVERROR(EINVAL);
         goto free_and_end;
diff --git a/libavcodec/encode.c b/libavcodec/encode.c
index 72dfa8867a..38833c566c 100644
--- a/libavcodec/encode.c
+++ b/libavcodec/encode.c
@@ -633,11 +633,6 @@ static int encode_preinit_audio(AVCodecContext *avctx)
                avctx->sample_fmt);
         return AVERROR(EINVAL);
     }
-    if (avctx->sample_rate <= 0) {
-        av_log(avctx, AV_LOG_ERROR, "Invalid audio sample rate: %d\n",
-               avctx->sample_rate);
-        return AVERROR(EINVAL);
-    }

     ret = avcodec_get_supported_config(avctx, NULL,
AV_CODEC_CONFIG_SAMPLE_FORMAT,
                                        0, (const void **) &sample_fmts,

- Andreas

More information about the ffmpeg-devel mailing list