tor 2024-04-04 klockan 00:51 +0200 skrev Michael Niedermayer: > Fixes: Assertion b >=0 failed at libavutil/mathematics.c:62 > Fixes: 67811/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer- > 5108429687422976 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > --- > libavformat/mxfdec.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c > index 04de4c1d5e3..233d614f783 100644 > --- a/libavformat/mxfdec.c > +++ b/libavformat/mxfdec.c > @@ -1264,6 +1264,9 @@ static int mxf_read_index_table_segment(void > *arg, AVIOContext *pb, int tag, int > case 0x3F0B: > segment->index_edit_rate.num = avio_rb32(pb); > segment->index_edit_rate.den = avio_rb32(pb); > + if (segment->index_edit_rate.num <= 0 || > + segment->index_edit_rate.den <= 0) > + return AVERROR_INVALIDDATA;
mxf_compute_index_tables() has a check for index_edit_rate that you probably want to remove as well. It was introduced in c6fff3d, but the files it supposedly fixes aren't in FATE. We shouldn't encourage broken muxers. /Tomas _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
