On Thu, Mar 17, 2022 at 08:40:48PM -0300, James Almer wrote: > On 3/17/2022 8:30 PM, Michael Niedermayer wrote: > > Fixes: out of array write > > Fixes: 45624/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-6473487382872064 > > Fixes: 45626/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-4874997192065024 > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer > > --- > > libavcodec/alsdec.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c > > index 822cf211b0..73af829178 100644 > > --- a/libavcodec/alsdec.c > > +++ b/libavcodec/alsdec.c > > @@ -1986,7 +1986,7 @@ static av_cold int decode_init(AVCodecContext *avctx) > > unsigned int c; > > unsigned int channel_size; > > int num_buffers, ret; > > - int channels = avctx->ch_layout.nb_channels; > > + int channels; > > ALSDecContext *ctx = avctx->priv_data; > > ALSSpecificConfig *sconf = &ctx->sconf; > > ctx->avctx = avctx; > > @@ -2000,6 +2000,7 @@ static av_cold int decode_init(AVCodecContext *avctx) > > av_log(avctx, AV_LOG_ERROR, "Reading ALSSpecificConfig failed.\n"); > > return ret; > > } > > + channels = avctx->ch_layout.nb_channels; > > if ((ret = check_specific_config(ctx)) < 0) { > > return ret; > > LGTM will apply thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB I am the wisest man alive, for I know one thing, and that is that I know nothing. -- Socrates
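Review bot: In the second hunk of decode_init(), the relocated `channels = avctx->ch_layout.nb_channels;` carries no comment explaining why it must sit after the "Reading ALSSpecificConfig failed." error path, and the commit message says only "out of array write". Suggest a one-line comment at the assignment stating that nb_channels is to be read only once the specific config has been read successfully, so a later cleanup does not fold the initializer back into the declaration. Since `int channels;` in the first hunk is now uninitialized at declaration, it is also worth confirming that nothing in the lines between the two hunks uses it before the assignment; the visible context shows no such use.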