On Mon, Mar 23, 2020 at 05:49:06PM +0100, Anton Khirnov wrote:
> Quoting Michael Niedermayer (2020-03-20 21:50:18)
> > On Fri, Mar 20, 2020 at 10:18:49AM +0100, Anton Khirnov wrote:
> > > Quoting Michael Niedermayer (2020-03-20 01:03:36)
> > > > Fixes: out of array access
> > > > Fixes: 21193/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5125168956702720
> > > > 
> > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > > > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> > > > ---
> > > >  libavcodec/wavpack.c | 1 +
> > > >  1 file changed, 1 insertion(+)
> > > > 
> > > > diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
> > > > index b27262b94e..e9c870e41e 100644
> > > > --- a/libavcodec/wavpack.c
> > > > +++ b/libavcodec/wavpack.c
> > > > @@ -1488,6 +1488,7 @@ static int wavpack_decode_block(AVCodecContext 
> > > > *avctx, int block_no,
> > > >  
> > > >          /* get output buffer */
> > > >          wc->curr_frame.f->nb_samples = s->samples;
> > > > +        wc->curr_frame.f->format     = avctx->sample_fmt;
> > > 
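Review bot: the hunk gives no hint why this assignment is needed at all, since the frame is expected to arrive here released and reset; a one-line comment above `wc->curr_frame.f->format     = avctx->sample_fmt;` stating that the sample format can change between blocks and that a value left in curr_frame.f from the previous block would otherwise override avctx->sample_fmt (the point the discussion below establishes) would save the next reader the same question. The commit message should likewise say how the stale format leads to the out-of-array access rather than only citing the fuzzer case.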
> > > How does this have any effect? curr_frame.f should now be clean and get
> > > initialized from avctx->sample_fmt.
> > 
> > IIRC, the format changes between frames, so the struct is still set to the one
> > from the previous frame and that overrides the use of the avctx value.
> > 
> > Setting it to NONE (here or somewhere else) should work too.
> 
> ff_thread_release_buffer() is called on that frame immediately before,
> which should reset it to defaults (setting format to FMT_NONE).

ff_thread_release_buffer() does not reset it in all cases.
I'll send an alternative patch, which does the reset in the get side
on failure. We already have some reset code for dimensions there.

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Into a blind darkness they enter who follow after the Ignorance,
they as if into a greater darkness enter who devote themselves
to the Knowledge alone. -- Isha Upanishad
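The stale-format hazard the thread is about, modelled in a small added C example (not FFmpeg code; `frame`, `ctx`, `get_buffer` and the two release routines are constructed stand-ins for AVFrame, AVCodecContext and the buffer helpers): one frame is reused across two blocks of different sample format, the leftover format sizes the buffer, and the three paths shown are release without reset, the posted one-line fix, and the reset-on-release alternative.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Constructed stand-in for AVSampleFormat: NONE, a 16-bit and a 32-bit format. */
enum sample_fmt { FMT_NONE = -1, FMT_S16 = 0, FMT_S32 = 1 };
static size_t bps(enum sample_fmt f) { return f == FMT_S32 ? 4 : f == FMT_S16 ? 2 : 0; }

/* Toy frame (hypothetical, not AVFrame): keeps its format across reuse like the real one. */
struct frame { enum sample_fmt format; int nb_samples; uint8_t *data; size_t size; };
struct ctx   { enum sample_fmt sample_fmt; };   /* stands in for avctx */

/* get_buffer falls back to the context format only when the frame's is NONE,
 * so a value left over from the previous block silently sizes the buffer. */
static int get_buffer(struct ctx *c, struct frame *f)
{
    if (f->format == FMT_NONE) f->format = c->sample_fmt;
    f->size = (size_t)f->nb_samples * bps(f->format);
    f->data = realloc(f->data, f->size);
    return f->data ? 0 : -1;
}

/* Release that forgets the format (what the thread suspects) vs. one that resets it. */
static void release_stale(struct frame *f) { free(f->data); f->data = NULL; f->size = 0; }
static void release_clean(struct frame *f) { release_stale(f); f->format = FMT_NONE; }

/* Decode one block: 0 ok, 1 if the writer (sized by the context format) would
 * run past the buffer that get_buffer sized from the frame's stale format. */
static int decode_block(struct ctx *c, struct frame *f, int nb_samples, int apply_patch)
{
    f->nb_samples = nb_samples;
    if (apply_patch) f->format = c->sample_fmt;   /* the posted one-liner */
    if (get_buffer(c, f) < 0) return -1;
    size_t need = (size_t)nb_samples * bps(c->sample_fmt);
    if (need > f->size) return 1;   /* out-of-array write caught instead of performed */
    memset(f->data, 0, need);
    return 0;
}

/* Two blocks, S16 then S32, reusing one frame through the given release routine. */
static int run(void (*release)(struct frame *), int apply_patch)
{
    struct ctx c = { FMT_S16 };
    struct frame f = { FMT_NONE, 0, NULL, 0 };
    int r = decode_block(&c, &f, 8, apply_patch);
    release(&f);
    c.sample_fmt = FMT_S32;
    if (r == 0) r = decode_block(&c, &f, 8, apply_patch);
    free(f.data);
    return r;
}
```

Only the stale release without the patch reports the mismatch; either fix makes the second block size its buffer from the current format.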
