breeze/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2026-01-12 00:06:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

avcodec/libvorbisdec: avoid overflow when assinging sample rate from long to int

Browse Source 
Fixes: 416134551/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBVORBIS_DEC_fuzzer-6096101407260672
Found-by: OSS-Fuzz
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit 2287a19abb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Kacper Michajłow
2025-08-09 17:15:51 +02:00
committed by Michael Niedermayer
parent fb36a0027f
commit f505332928
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
libavcodec/libvorbisdec.c
View File

@@ -113,6 +113,12 @@ static int oggvorbis_decode_init(AVCodecContext *avccontext) {
}
}
if (context->vi.rate <= 0 || context->vi.rate > INT_MAX) {
av_log(avccontext, AV_LOG_ERROR, "vorbis rate is invalid\n");
ret = AVERROR_INVALIDDATA;
goto error;
}
av_channel_layout_uninit(&avccontext->ch_layout);
avccontext->ch_layout.order = AV_CHANNEL_ORDER_UNSPEC;
avccontext->ch_layout.nb_channels = context->vi.channels;