On Wed, Aug 07, 2024 at 03:42:46PM +0200, Kacper Michajłow wrote:
> Can happen after calling avformat_find_stream_info() when the codec
> fails to open, but return value is 0 and subsequent uses of this context
> have zero value in channel number.
>
> Found by OSS-Fuzz.
>
> Signed-off-by: Kacper Michajłow
> --- > libavformat/vpk.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/libavformat/vpk.c b/libavformat/vpk.c > index 001ad33555..aa98ef2dd4 100644 > --- a/libavformat/vpk.c > +++ b/libavformat/vpk.c > @@ -86,6 +86,8 @@ static int vpk_read_packet(AVFormatContext *s, AVPacket *pkt) > > vpk->current_block++; > if (vpk->current_block == vpk->block_count) { > + if (par->ch_layout.nb_channels <= 0) > + return AVERROR_INVALIDDATA; > unsigned size = vpk->last_block_size / par->ch_layout.nb_channels; > unsigned skip = (par->block_align - vpk->last_block_size) / par->ch_layout.nb_channels; > uint64_t pos = avio_tell(s->pb);

I am not sure if a parser or other should replace a valid set of
parameters by an invalid one (this patch implies that such an action
occurred).
Can you explain in more detail by what and why channels is set to 0?

thx

[...]
--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

What's the most stupid thing your enemy could do? Blow himself up
What's the most stupid thing you could do? Give up your rights and
freedom because your enemy blew himself up.
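Review bot: In the `vpk->current_block == vpk->block_count` branch of vpk_read_packet(), the new `nb_channels <= 0` check is a statement placed ahead of the declarations of `size`, `skip` and `pos`, so all three become declarations after a statement. Declare them at the top of the block and assign `size` and `skip` after the check, or move the check above the `if`. The guard also covers only this last-block branch and carries no comment. A one-line comment saying how the channel count can be zero here (the commit message attributes it to avformat_find_stream_info() after a failed codec open) would document why a demuxer has to re-validate a stream parameter at packet time, and placing the check at the top of the function would cover any other use of the value that this hunk does not show.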