Fixes: out of array access Fixes: 22692/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5678686190960640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavcodec/wavpack.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index ead57063c8..f77548e5a5 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -1129,6 +1129,9 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no, else sample_fmt = AV_SAMPLE_FMT_S32P; + if (wc->ch_offset && avctx->sample_fmt != sample_fmt) + return AVERROR_INVALIDDATA; + bpp = av_get_bytes_per_sample(sample_fmt); orig_bpp = ((s->frame_flags & 0x03) + 1) << 3; multiblock = (s->frame_flags & WV_SINGLE_BLOCK) != WV_SINGLE_BLOCK; -- 2.17.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
