Re: [FFmpeg-devel] [PATCH 2/4] avcodec/tta: Limit decoder to 16 channels

2019-07-08 Thread Michael Niedermayer 
On Fri, Jun 28, 2019 at 10:53:43PM +0200, Michael Niedermayer wrote:
> libtta 2.3 has a limit of 6 channels, so 16 is substantially above the 
> "official" already
> 
> Fixes: OOM
> Fixes: 
> 15249/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5643988125614080
> 
> Found-by: continuous fuzzing process 
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer 
> ---
>  libavcodec/tta.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

will apply

[...]
-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Dictatorship: All citizens are under surveillance, all their steps and
actions recorded, for the politicians to enforce control.
Democracy: All politicians are under surveillance, all their steps and
actions recorded, for the citizens to enforce control.


signature.asc
Description: PGP signature
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 2/4] avcodec/tta: Limit decoder to 16 channels

2019-06-28 Thread Michael Niedermayer 
libtta 2.3 has a limit of 6 channels, so 16 is substantially above the 
"official" already

Fixes: OOM
Fixes: 
15249/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5643988125614080

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
---
 libavcodec/tta.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/tta.c b/libavcodec/tta.c
index c7702610b6..4d27fcd555 100644
--- a/libavcodec/tta.c
+++ b/libavcodec/tta.c
@@ -163,7 +163,7 @@ static av_cold int tta_decode_init(AVCodecContext * avctx)
 s->data_length = get_bits_long(&gb, 32);
 skip_bits_long(&gb, 32); // CRC32 of header
 
-if (s->channels == 0) {
+if (s->channels == 0 || s->channels > 16) {
 av_log(avctx, AV_LOG_ERROR, "Invalid number of channels\n");
 return AVERROR_INVALIDDATA;
 } else if (avctx->sample_rate == 0) {
-- 
2.22.0

___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".