]> git.sesse.net Git - ffmpeg/commitdiff
projects / ffmpeg / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e668260)
avcodec/fits: Check bitpix
authorMichael Niedermayer <michael@niedermayer.cc>
Sun, 5 May 2019 16:38:33 +0000 (18:38 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Mon, 6 May 2019 21:58:34 +0000 (23:58 +0200)
Reference: Table 8: Interpretation of valid BITPIX value from FITS standard 4.0
Fixes: runtime error: division by zero
Fixes: 14581/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5652382425284608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/fits.c patch | blob | history

diff --git a/libavcodec/fits.c b/libavcodec/fits.c
index 365347fc6406ad1dbcf741d2e16fef537995cd1b..ad73ab70de2e1efbc225d426d2ae94b437732dc3 100644 (file)
--- a/libavcodec/fits.c
+++ b/libavcodec/fits.c
@@ -138,6 +138,17 @@ int avpriv_fits_header_parse_line(void *avcl, FITSHeader *header, const uint8_t
     case STATE_BITPIX:
         CHECK_KEYWORD("BITPIX");
         CHECK_VALUE("BITPIX", bitpix);
+
+        switch(header->bitpix) {
+        case   8:
+        case  16:
+        case  32: case -32:
+        case  64: case -64: break;
+        default:
+            av_log(avcl, AV_LOG_ERROR, "invalid value of BITPIX %d\n", header->bitpix); \
+            return AVERROR_INVALIDDATA;
+        }
+
         dict_set_if_not_null(metadata, keyword, value);
 
         header->state = STATE_NAXIS;
Unnamed repository; edit this file 'description' to name the repository.