authorMichael Niedermayer <michael@niedermayer.cc>2024-08-19 21:01:44 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2024-08-28 16:27:55 +0200
commit46e3bc2ebd21b215edce773de7c498121c1be766 (patch)
tree2025294fe10e59fbd2a338b81e77c3739300e842
parentb9c7f50c7de9b7d8c533eae173c9b77a6719346c (diff)
tools/target_swr_fuzzer: Check av_samples_fill_arrays() for failure
Fixes: use of uninitialized value Fixes: 71242/clusterfuzz-testcase-minimized-ffmpeg_SWR_fuzzer-4905557943713792 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r--tools/target_swr_fuzzer.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/tools/target_swr_fuzzer.c b/tools/target_swr_fuzzer.c
index f2d8ec49c0..b6cdb72a56 100644
--- a/tools/target_swr_fuzzer.c
+++ b/tools/target_swr_fuzzer.c
@@ -83,6 +83,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
int in_sample_nb;
int out_sample_nb = size;
int count;
+ int ret;
if (size > 128) {
GetByteContext gbc;
@@ -132,8 +133,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
if (!out_data)
goto end;
- av_samples_fill_arrays(ain , NULL, data, in_ch_count, in_sample_nb, in_sample_fmt, 1);
- av_samples_fill_arrays(aout, NULL, out_data, out_ch_count, out_sample_nb, out_sample_fmt, 1);
+ ret = av_samples_fill_arrays(ain , NULL, data, in_ch_count, in_sample_nb, in_sample_fmt, 1);
+ if (ret < 0)
+ goto end;
+ ret = av_samples_fill_arrays(aout, NULL, out_data, out_ch_count, out_sample_nb, out_sample_fmt, 1);
+ if (ret < 0)
+ goto end;
count = swr_convert(swr, aout, out_sample_nb, (const uint8_t **)ain, in_sample_nb);
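Review bot: The two new `if (ret < 0) goto end;` exits carry no comment saying why av_samples_fill_arrays() can fail in this harness or what state that leaves behind, so the reason for the guard lives only in the commit message. Going by that message ("use of uninitialized value"), a failed call presumably leaves `ain`/`aout` unfilled before they reach swr_convert(); a line such as `/* fuzzed channel/sample counts can make this fail and leave the plane pointers unset */` above the first check would keep that next to the code. On success the call returns the buffer size it requires, and the new code discards it. If `in_sample_nb` is not already derived from the remaining input length (that computation is outside the hunk), comparing `ret` with the bytes left in `data` would also bound the input planes. The body of LLVMFuzzerTestOneInput starts and ends outside this hunk, so the cleanup at `end` could not be checked here.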