On Tue, Aug 01, 2023 at 12:55:49PM +0200, Andreas Rheinhardt wrote: > Michael Niedermayer: > > Fixes: 54979/clusterfuzz-testcase-minimized-ffmpeg_dem_AVR_fuzzer-6681035461230592 > > Fixes: Timeout > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer > > --- > > libavformat/avr.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/libavformat/avr.c b/libavformat/avr.c > > index 1cc4d56bfb..3fe8614b25 100644 > > --- a/libavformat/avr.c > > +++ b/libavformat/avr.c > > @@ -75,6 +75,9 @@ static int avr_read_header(AVFormatContext *s) > > avio_skip(s->pb, 20); > > avio_skip(s->pb, 64); > > > > + if (st->codecpar->sample_rate == 0) > > + return AVERROR_INVALIDDATA; > > + > > st->codecpar->codec_id = ff_get_pcm_codec_id(bps, 0, 1, sign); > > if (st->codecpar->codec_id == AV_CODEC_ID_NONE) { > > avpriv_request_sample(s, "Bps %d and sign %d", bps, sign); > > Why don't you check this directly after having read the sample rate? > That way the value would still be in a register. that would be cleaner too, I will apply it with that change thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Take away the freedom of one citizen and you will be jailed, take away the freedom of all citizens and you will be congratulated by your peers in Parliament.
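Review bot: The `sample_rate == 0` check in the `@@ -75,6 +75,9 @@` hunk of `avr_read_header()` runs only after `avio_skip(s->pb, 20)` and `avio_skip(s->pb, 64)`, so a header that is already known to be invalid still has 84 more bytes skipped before it is rejected. Placing `if (st->codecpar->sample_rate == 0) return AVERROR_INVALIDDATA;` directly after the statement that sets the sample rate keeps the validation next to the field it guards and returns earlier, as the reply suggests. The commit message says only "Fixes: Timeout" and does not explain how a zero sample rate leads to the timeout; a sentence there or a short comment above the check would help later readers. The hunk does not show how the field is read, so if the value is signed and can be negative, `<= 0` would be the safer comparison.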