diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2023-02-12 22:49:01 +0100 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2023-04-22 23:21:03 +0200 |
commit | cadd7e7a7589b5c118ad1648a09c629a6b65a3be (patch) | |
tree | 9875891c8564065ac35d2dba789cfdb31028a299 /libavcodec/vorbisdec.c | |
parent | 99dc7517827e8cbd4d63488eff57e6b21b4b6f3f (diff) | |
download | ffmpeg-cadd7e7a7589b5c118ad1648a09c629a6b65a3be.tar.gz |
avcodec/vorbisdec: Check codebook float values to be finite
Fixes: Timeout
Fixes: 55116/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-4572159970508800
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/vorbisdec.c')
-rw-r--r-- | libavcodec/vorbisdec.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c index e9dad4ef4f..1d2a099760 100644 --- a/libavcodec/vorbisdec.c +++ b/libavcodec/vorbisdec.c @@ -368,6 +368,10 @@ static int vorbis_parse_setup_hdr_codebooks(vorbis_context *vc) unsigned codebook_value_bits = get_bits(gb, 4) + 1; unsigned codebook_sequence_p = get_bits1(gb); + if (!isfinite(codebook_minimum_value) || !isfinite(codebook_delta_value)) { + ret = AVERROR_INVALIDDATA; + goto error; + } ff_dlog(NULL, " We expect %d numbers for building the codevectors. \n", codebook_lookup_values); ff_dlog(NULL, " delta %f minmum %f \n", |