On Mon, 8 Apr 2024, Tomas Härdin wrote:
tor 2024-04-04 klockan 00:51 +0200 skrev Michael Niedermayer:
Fixes: Assertion b >=0 failed at libavutil/mathematics.c:62
Fixes: 67811/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-
5108429687422976
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
libavformat/mxfdec.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 04de4c1d5e3..233d614f783 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -1264,6 +1264,9 @@ static int mxf_read_index_table_segment(void
*arg, AVIOContext *pb, int tag, int
case 0x3F0B:
segment->index_edit_rate.num = avio_rb32(pb);
segment->index_edit_rate.den = avio_rb32(pb);
+ if (segment->index_edit_rate.num <= 0 ||
+ segment->index_edit_rate.den <= 0)
+ return AVERROR_INVALIDDATA;
mxf_compute_index_tables() has a check for index_edit_rate that you
probably want to remove as well. It was introduced in c6fff3d, but the
files it supposedly fixes aren't in FATE. We shouldn't encourage broken
muxers.
I don't quite get what FATE has to do with it. And the samples mentioned
in the patch has valid index segment edit rates, only they are different
from the track edit rate, and the patch was intended to fix that case.
Regards,
Marton
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
