[FFmpeg-cvslog] avcodec/dcadec: Do not explode EAGAIN

James Almer git at videolan.org
Wed Sep 20 00:20:18 EEST 2023


ffmpeg | branch: master | James Almer <jamrial at gmail.com> | Sun Sep 17 00:05:18 2023 +0200| [13d22dc45403abee69af51b4150668a4a627492c] | committer: Michael Niedermayer

avcodec/dcadec: Do not explode EAGAIN

Fixes: out of array access
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DCA_fuzzer-6041088751960064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=13d22dc45403abee69af51b4150668a4a627492c
---

 libavcodec/dcadec.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/libavcodec/dcadec.c b/libavcodec/dcadec.c
index 3e3e3053bb..1fee49cf4d 100644
--- a/libavcodec/dcadec.c
+++ b/libavcodec/dcadec.c
@@ -217,11 +217,10 @@ static int dcadec_decode_frame(AVCodecContext *avctx, AVFrame *frame,
         if (asset && (asset->extension_mask & DCA_EXSS_XLL)) {
             if ((ret = ff_dca_xll_parse(&s->xll, input, asset)) < 0) {
                 // Conceal XLL synchronization error
-                if (ret == AVERROR(EAGAIN)
-                    && (prev_packet & DCA_PACKET_XLL)
-                    && (s->packet & DCA_PACKET_CORE))
-                    s->packet |= DCA_PACKET_XLL | DCA_PACKET_RECOVERY;
-                else if (ret == AVERROR(ENOMEM) || (avctx->err_recognition & AV_EF_EXPLODE))
+                if (ret == AVERROR(EAGAIN)) {
+                    if ((prev_packet & DCA_PACKET_XLL) && (s->packet & DCA_PACKET_CORE))
+                        s->packet |= DCA_PACKET_XLL | DCA_PACKET_RECOVERY;
+                } else if (ret == AVERROR(ENOMEM) || (avctx->err_recognition & AV_EF_EXPLODE))
                     return ret;
             } else {
                 s->packet |= DCA_PACKET_XLL;



More information about the ffmpeg-cvslog mailing list