From 247727435d754588574239d6d3f07da973ea6aaa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kacper=20Michaj=C5=82ow?= <kasper93@gmail.com>
Date: Wed, 6 Aug 2025 19:49:11 +0200
Subject: [PATCH] avcodec/mpc8: init avctx->sample_rate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes frame validation.

Fixes: 416134551/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC8_fuzzer-5765557242888192
Found-by: OSS-Fuzz
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit 09cb2d41d1862c2f9b3b66311ede28527d703700)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/mpc8.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libavcodec/mpc8.c b/libavcodec/mpc8.c
index 2785259119..ae145927ee 100644
--- a/libavcodec/mpc8.c
+++ b/libavcodec/mpc8.c
@@ -155,7 +155,13 @@ static av_cold int mpc8_decode_init(AVCodecContext * avctx)
 
     init_get_bits(&gb, avctx->extradata, 16);
 
-    skip_bits(&gb, 3);//sample rate
+    uint8_t sample_rate_idx = get_bits(&gb, 3);
+    static const int sample_rates[] = { 44100, 48000, 37800, 32000 };
+    if (sample_rate_idx >= FF_ARRAY_ELEMS(sample_rates)) {
+        av_log(avctx, AV_LOG_ERROR, "invalid sample rate index (%u)\n", sample_rate_idx);
+        return AVERROR_INVALIDDATA;
+    }
+    avctx->sample_rate = sample_rates[sample_rate_idx];
     c->maxbands = get_bits(&gb, 5) + 1;
     if (c->maxbands >= BANDS) {
         av_log(avctx,AV_LOG_ERROR, "maxbands %d too high\n", c->maxbands);