The branch, master has been updated
via 2287a19abbd80d25b411a3028969c55c4b0b8c88 (commit)
via 286a3892a854d6225764f13c71723459b2b0334f (commit)
via c2f7dae70d27a8f5ca1e3fa43d96ff5c8bf032fa (commit)
via db05b656b884e133ac19487a4e13ab1ff9a423f5 (commit)
via c74bc74398e7a1e235fdf51d0dd2dfb942626c82 (commit)
from e6635ada646b9ca65355a7904000103e1a0bd31e (commit)
- Log -----------------------------------------------------------------
commit 2287a19abbd80d25b411a3028969c55c4b0b8c88
Author: Kacper MichajÅow <kaspe...@gmail.com>
AuthorDate: Sat Aug 9 17:15:51 2025 +0200
Commit: Kacper MichajÅow <kaspe...@gmail.com>
CommitDate: Mon Aug 11 20:31:09 2025 +0200
avcodec/libvorbisdec: avoid overflow when assinging sample rate from long
to int
Fixes:
416134551/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBVORBIS_DEC_fuzzer-6096101407260672
Found-by: OSS-Fuzz
Signed-off-by: Kacper MichajÅow <kaspe...@gmail.com>
diff --git a/libavcodec/libvorbisdec.c b/libavcodec/libvorbisdec.c
index 7922261b2f..326ed4b4fe 100644
--- a/libavcodec/libvorbisdec.c
+++ b/libavcodec/libvorbisdec.c
@@ -114,6 +114,12 @@ static av_cold int oggvorbis_decode_init(AVCodecContext
*avccontext)
}
}
+ if (context->vi.rate <= 0 || context->vi.rate > INT_MAX) {
+ av_log(avccontext, AV_LOG_ERROR, "vorbis rate is invalid\n");
+ ret = AVERROR_INVALIDDATA;
+ goto error;
+ }
+
av_channel_layout_uninit(&avccontext->ch_layout);
avccontext->ch_layout.order = AV_CHANNEL_ORDER_UNSPEC;
avccontext->ch_layout.nb_channels = context->vi.channels;
commit 286a3892a854d6225764f13c71723459b2b0334f
Author: Kacper MichajÅow <kaspe...@gmail.com>
AuthorDate: Sat Aug 9 17:11:25 2025 +0200
Commit: Kacper MichajÅow <kaspe...@gmail.com>
CommitDate: Mon Aug 11 20:31:09 2025 +0200
avcodec/g728dec: init missing sample rate
Fixes: BAD BUILD: fuzzing
/tmp/not-out/tmp0d_svy0e/ffmpeg_AV_CODEC_ID_G728_DEC_fuzzer with afl-fuzz failed
Found-by: OSS-Fuzz
Signed-off-by: Kacper MichajÅow <kaspe...@gmail.com>
diff --git a/libavcodec/g728dec.c b/libavcodec/g728dec.c
index 9ab650f2cb..6403bcae46 100644
--- a/libavcodec/g728dec.c
+++ b/libavcodec/g728dec.c
@@ -96,6 +96,8 @@ static av_cold int g728_decode_init(AVCodecContext *avctx)
s->sbg[NSBGSZ - 1 -i] = -GOFF;
avctx->sample_fmt = AV_SAMPLE_FMT_FLT;
+ if (!avctx->sample_rate)
+ avctx->sample_rate = 8000;
av_channel_layout_uninit(&avctx->ch_layout);
avctx->ch_layout = (AVChannelLayout)AV_CHANNEL_LAYOUT_MONO;
commit c2f7dae70d27a8f5ca1e3fa43d96ff5c8bf032fa
Author: Kacper MichajÅow <kaspe...@gmail.com>
AuthorDate: Sat Aug 9 17:09:57 2025 +0200
Commit: Kacper MichajÅow <kaspe...@gmail.com>
CommitDate: Mon Aug 11 20:31:09 2025 +0200
avcodec/g726: init missing sample rate
Fixes:
416134551/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_G726_DEC_fuzzer-5695764455292928
Found-by: OSS-Fuzz
Signed-off-by: Kacper MichajÅow <kaspe...@gmail.com>
diff --git a/libavcodec/g726.c b/libavcodec/g726.c
index 5491b7eb7a..f41df3073f 100644
--- a/libavcodec/g726.c
+++ b/libavcodec/g726.c
@@ -455,6 +455,8 @@ static av_cold int g726_decode_init(AVCodecContext *avctx)
g726_reset(c);
avctx->sample_fmt = AV_SAMPLE_FMT_S16;
+ if (!avctx->sample_rate)
+ avctx->sample_rate = 8000;
return 0;
}
commit db05b656b884e133ac19487a4e13ab1ff9a423f5
Author: Kacper MichajÅow <kaspe...@gmail.com>
AuthorDate: Mon Aug 11 20:27:10 2025 +0200
Commit: Kacper MichajÅow <kaspe...@gmail.com>
CommitDate: Mon Aug 11 20:31:09 2025 +0200
avformat/lrcdec: use av_sscanf to avoid possible locale issues
Signed-off-by: Kacper MichajÅow <kaspe...@gmail.com>
diff --git a/libavformat/lrcdec.c b/libavformat/lrcdec.c
index e3e091a61a..ebef87da6c 100644
--- a/libavformat/lrcdec.c
+++ b/libavformat/lrcdec.c
@@ -88,7 +88,7 @@ static int64_t read_ts(const char *p, int64_t *start)
if(p[offset] != '[') {
return 0;
}
- int ret = sscanf(p, "%2[[-]%"SCNu32":%lf]", prefix, &mm, &ss);
+ int ret = av_sscanf(p, "%2[[-]%"SCNu32":%lf]", prefix, &mm, &ss);
if (ret != 3 || prefix[0] != '[' || ss < 0 || ss > 60) {
return 0;
}
commit c74bc74398e7a1e235fdf51d0dd2dfb942626c82
Author: Kacper MichajÅow <kaspe...@gmail.com>
AuthorDate: Sat Aug 9 16:49:17 2025 +0200
Commit: Kacper MichajÅow <kaspe...@gmail.com>
CommitDate: Mon Aug 11 20:31:09 2025 +0200
avformat/lrcdec: limit input timestamp range to avoid overflows
Fixes: clusterfuzz-testcase-ffmpeg_dem_LRC_fuzzer-5226140131459072
Found-by: OSS-Fuzz
Signed-off-by: Kacper MichajÅow <kaspe...@gmail.com>
diff --git a/libavformat/lrcdec.c b/libavformat/lrcdec.c
index 7941c02c5d..e3e091a61a 100644
--- a/libavformat/lrcdec.c
+++ b/libavformat/lrcdec.c
@@ -78,7 +78,7 @@ static int64_t count_ts(const char *p)
static int64_t read_ts(const char *p, int64_t *start)
{
int64_t offset = 0;
- uint64_t mm;
+ uint32_t mm;
double ss;
char prefix[3];
@@ -88,8 +88,8 @@ static int64_t read_ts(const char *p, int64_t *start)
if(p[offset] != '[') {
return 0;
}
- int ret = sscanf(p, "%2[[-]%"SCNu64":%lf]", prefix, &mm, &ss);
- if (ret != 3 || prefix[0] != '[') {
+ int ret = sscanf(p, "%2[[-]%"SCNu32":%lf]", prefix, &mm, &ss);
+ if (ret != 3 || prefix[0] != '[' || ss < 0 || ss > 60) {
return 0;
}
*start = (mm * 60 + ss) * AV_TIME_BASE;
-----------------------------------------------------------------------
Summary of changes:
libavcodec/g726.c | 2 ++
libavcodec/g728dec.c | 2 ++
libavcodec/libvorbisdec.c | 6 ++++++
libavformat/lrcdec.c | 6 +++---
4 files changed, 13 insertions(+), 3 deletions(-)
hooks/post-receive
--
_______________________________________________
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
