From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id C12F149E10
	for <ffmpegdev@gitmailbox.com>; Fri,  9 Aug 2024 20:42:44 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 333FB68DA0A;
	Fri,  9 Aug 2024 23:42:41 +0300 (EEST)
Received: from relay9-d.mail.gandi.net (relay9-d.mail.gandi.net
 [217.70.183.199])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id B6D4668D6E5
 for <ffmpeg-devel@ffmpeg.org>; Fri,  9 Aug 2024 23:42:34 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id C0549FF803
 for <ffmpeg-devel@ffmpeg.org>; Fri,  9 Aug 2024 20:42:33 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
 s=gm1; t=1723236153;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 in-reply-to:in-reply-to:references:references;
 bh=Ads7t3P7yc1pV3qpiWaqnQVS5CYgffK8IGBsLF+4T5Y=;
 b=UztpTsrhCOS+AnXtPy14MlKE7+4rm1BHIloUEvasUbUdBJw30I3sJEE6ZdEncfEyZxiMZK
 wEmaX1HEZHlgtzAs46EYyKMP58lbEELsv6cxIXIPKeEyvCGz0gsCV1dK/7ub2+azXRLUJk
 aU9IK7B6UAUATzqSiRmS7KOWP5wP77IrEg/FMproSMy5p87uMAw5faTtcPa8HNVsVUcKke
 l+m0QP3Zu/FSRk/edQl/C8TSsWx6qDjnoDIAmJEN3ANoMLNjJ/zpFDq49g08LWfMjWfFGr
 hn7ZkYUIfCoeVNxEUMZOSySWXlUl7ZbsNJnGm9XaOzm7RfhaMqjgf1POYQH0LA==
Date: Fri, 9 Aug 2024 22:42:32 +0200
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Message-ID: <20240809204232.GE4991@pb2>
References: <20240807134246.1559-1-kasper93@gmail.com>
MIME-Version: 1.0
In-Reply-To: <20240807134246.1559-1-kasper93@gmail.com>
X-GND-Sasl: michael@niedermayer.cc
Subject: Re: [FFmpeg-devel] [PATCH] avformat/vpk: fix divide by zero
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: multipart/mixed; boundary="===============3833820607471637791=="
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20240809204232.GE4991@pb2/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>


--===============3833820607471637791==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="JwM+kXJnAuf2qao6"
Content-Disposition: inline


--JwM+kXJnAuf2qao6
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Aug 07, 2024 at 03:42:46PM +0200, Kacper Michaj=C5=82ow wrote:
> Can happen after calling avformat_find_stream_info() when the codec
> fails to open, but return value is 0 and subsequent uses of this context
> have zero value in channel number.
>=20
> Found by OSS-Fuzz.
>=20
> Signed-off-by: Kacper Michaj=C5=82ow <kasper93@gmail.com>
> ---
>  libavformat/vpk.c | 2 ++
>  1 file changed, 2 insertions(+)
>=20
> diff --git a/libavformat/vpk.c b/libavformat/vpk.c
> index 001ad33555..aa98ef2dd4 100644
> --- a/libavformat/vpk.c
> +++ b/libavformat/vpk.c
> @@ -86,6 +86,8 @@ static int vpk_read_packet(AVFormatContext *s, AVPacket=
 *pkt)
> =20
>      vpk->current_block++;
>      if (vpk->current_block =3D=3D vpk->block_count) {
> +        if (par->ch_layout.nb_channels <=3D 0)
> +            return AVERROR_INVALIDDATA;
>          unsigned size =3D vpk->last_block_size / par->ch_layout.nb_chann=
els;
>          unsigned skip =3D (par->block_align - vpk->last_block_size) / pa=
r->ch_layout.nb_channels;
>          uint64_t pos =3D avio_tell(s->pb);

iam not sure if a parser or other should replace a valid set of
parameters by an invalid
(this patch implies that such a action occured)

can you explain more detailedly by what and why channels is set to 0 ?

thx

[...]
--=20
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Whats the most studid thing your enemy could do ? Blow himself up
Whats the most studid thing you could do ? Give up your rights and
freedom because your enemy blew himself up.


--JwM+kXJnAuf2qao6
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iF0EABEKAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCZrZ/LwAKCRBhHseHBAsP
q7G7AKCDd7xNIaDpHzI6UEdKNKg+AYhqdACgigBZNMj6Hg/GLk4Ymg31yeVFAsU=
=WMlp
-----END PGP SIGNATURE-----

--JwM+kXJnAuf2qao6--

--===============3833820607471637791==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

--===============3833820607471637791==--