highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

avcodec/adpcm: XA: Check shift similar to filter

Browse Source 
Fixes: negative shift
Fixes: 22499/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_XA_fuzzer-5765452130418688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2020-05-31 14:59:02 +02:00
parent bd6336b970
commit 6d96bae9c4
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
libavcodec/adpcm.c
View File

@@ -559,6 +559,10 @@ static int xa_decode(AVCodecContext *avctx, int16_t *out0, int16_t *out1,
avpriv_request_sample(avctx, "unknown XA-ADPCM filter %d", filter); avpriv_request_sample(avctx, "unknown XA-ADPCM filter %d", filter);
filter=0; filter=0;
} }
if (shift < 0) {
avpriv_request_sample(avctx, "unknown XA-ADPCM shift %d", shift);
shift = 0;
}
f0 = xa_adpcm_table[filter][0]; f0 = xa_adpcm_table[filter][0];
f1 = xa_adpcm_table[filter][1]; f1 = xa_adpcm_table[filter][1];
@@ -584,10 +588,14 @@ static int xa_decode(AVCodecContext *avctx, int16_t *out0, int16_t *out1,
shift = 12 - (in[5+i*2] & 15); shift = 12 - (in[5+i*2] & 15);
filter = in[5+i*2] >> 4; filter = in[5+i*2] >> 4;
if (filter >= FF_ARRAY_ELEMS(xa_adpcm_table)) { if (filter >= FF_ARRAY_ELEMS(xa_adpcm_table) || shift < 0) {
avpriv_request_sample(avctx, "unknown XA-ADPCM filter %d", filter); avpriv_request_sample(avctx, "unknown XA-ADPCM filter %d", filter);
filter=0; filter=0;
} }
if (shift < 0) {
avpriv_request_sample(avctx, "unknown XA-ADPCM shift %d", shift);
shift = 0;
}
f0 = xa_adpcm_table[filter][0]; f0 = xa_adpcm_table[filter][0];
f1 = xa_adpcm_table[filter][1]; f1 = xa_adpcm_table[filter][1];