avcodec/vorbisdec: Check codebook float values to be finite

Fixes: Timeout Fixes: 55116/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-4572159970508800 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cadd7e7a7589b5c118ad1648a09c629a6b65a3be) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2023-02-12 22:49:01 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2023-06-04 20:18:24 +0200
commit: 0b003c082831e86fcc3dd3570072c687c42437ce (patch)
tree: efd2b7e8a6a883bdf8a5b70b37c9cee610ae0c9c
parent: 99bab6e96168e205ffa990369684fee41e367934 (diff)
download: ffmpeg-0b003c082831e86fcc3dd3570072c687c42437ce.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c
index 2fd0f0e8d3..d0d5b7082d 100644
--- a/libavcodec/vorbisdec.c
+++ b/libavcodec/vorbisdec.c
@@ -363,6 +363,10 @@ static int vorbis_parse_setup_hdr_codebooks(vorbis_context *vc)
             unsigned codebook_value_bits = get_bits(gb, 4) + 1;
             unsigned codebook_sequence_p = get_bits1(gb);
 
+            if (!isfinite(codebook_minimum_value) || !isfinite(codebook_delta_value)) {
+                ret = AVERROR_INVALIDDATA;
+                goto error;
+            }
             ff_dlog(NULL, " We expect %d numbers for building the codevectors. \n",
                     codebook_lookup_values);
             ff_dlog(NULL, "  delta %f minmum %f \n",
author	Michael Niedermayer <michael@niedermayer.cc>	2023-02-12 22:49:01 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2023-06-04 20:18:24 +0200
commit	0b003c082831e86fcc3dd3570072c687c42437ce (patch)
tree	efd2b7e8a6a883bdf8a5b70b37c9cee610ae0c9c
parent	99bab6e96168e205ffa990369684fee41e367934 (diff)
download	ffmpeg-0b003c082831e86fcc3dd3570072c687c42437ce.tar.gz