summaryrefslogtreecommitdiffstats
path: root/libavcodec/fitsdec.c
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2019-07-15 23:42:42 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2019-09-26 21:02:34 +0200
commitcfa193779103c97bbfc28273a0ab12c114b6786d (patch)
treeec11e048676103cccaf10a1675ee266d3ed88860 /libavcodec/fitsdec.c
parent7dc0943d4aa014e616e2f2a4802cb3da829f9420 (diff)
downloadffmpeg-streaming-cfa193779103c97bbfc28273a0ab12c114b6786d.zip
ffmpeg-streaming-cfa193779103c97bbfc28273a0ab12c114b6786d.tar.gz
avcodec/fitsdec: Prevent division by 0 with huge data_max
Fixes: division by 0 Fixes: 15657/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5738154838982656 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/fitsdec.c')
-rw-r--r--libavcodec/fitsdec.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/libavcodec/fitsdec.c b/libavcodec/fitsdec.c
index 4f45242..88b841a 100644
--- a/libavcodec/fitsdec.c
+++ b/libavcodec/fitsdec.c
@@ -195,6 +195,7 @@ static int fits_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
uint8_t *dst8;
uint16_t *dst16;
uint64_t t;
+ double scale;
FITSHeader header;
FITSContext * fitsctx = avctx->priv_data;
@@ -204,6 +205,12 @@ static int fits_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
if (ret < 0)
return ret;
+ scale = header.data_max - header.data_min;
+ if (scale <= 0 || !isfinite(scale)) {
+ scale = 1;
+ }
+ scale = 1/scale;
+
if (header.rgb) {
if (header.bitpix == 8) {
if (header.naxisn[2] == 3) {
@@ -272,7 +279,7 @@ static int fits_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
for (j = 0; j < avctx->width; j++) { \
t = rd; \
if (!header.blank_found || t != header.blank) { \
- *dst++ = ((t - header.data_min) * ((1 << (sizeof(type) * 8)) - 1)) / (header.data_max - header.data_min); \
+ *dst++ = ((t - header.data_min) * ((1 << (sizeof(type) * 8)) - 1)) * scale; \
} else { \
*dst++ = fitsctx->blank_val; \
} \
OpenPOWER on IntegriCloud