On Thu, Mar 17, 2022 at 10:07:29PM -0300, James Almer wrote:
> avctx->ch_layout will be reinitialized using channel_mask later in the
> function.
> 
> Signed-off-by: James Almer <jamrial@gmail.com>
> ---
>  libavcodec/wmaprodec.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavcodec/wmaprodec.c b/libavcodec/wmaprodec.c
> index 5c1d38eca5..6a8b895c1b 100644
> --- a/libavcodec/wmaprodec.c
> +++ b/libavcodec/wmaprodec.c
> @@ -402,7 +402,7 @@ static av_cold int decode_init(WMAProDecodeCtx *s, AVCodecContext *avctx, int nu
>          s->decode_flags    = AV_RL16(edata_ptr+14);
>          channel_mask       = AV_RL32(edata_ptr+2);
>          s->bits_per_sample = AV_RL16(edata_ptr);
> -        s->nb_channels     = avctx->ch_layout.nb_channels;
> +        s->nb_channels     = channel_mask ? av_popcount(channel_mask) : avctx->ch_layout.nb_channels;

Fixes: 45736/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5769886813519872

and please apply this or a equivalent patch

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The smallest minority on earth is the individual. Those who deny 
individual rights cannot claim to be defenders of minorities. - Ayn Rand