tools/target_swr_fuzzer: Check av_samples_fill_arrays() for failure

Fixes: use of uninitialized value Fixes: 71242/clusterfuzz-testcase-minimized-ffmpeg_SWR_fuzzer-4905557943713792 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 months ago · 46e3bc2ebd
parent b9c7f50c7d
commit 46e3bc2ebd
1 changed files with 7 additions and 2 deletions
--- a/tools/target_swr_fuzzer.c
+++ b/tools/target_swr_fuzzer.c
@ -83,6 +83,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    int in_sample_nb;
    int out_sample_nb = size;
    int count;
+    int ret;

    if (size > 128) {
        GetByteContext gbc;
@ -132,8 +133,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    if (!out_data)
        goto end;

-    av_samples_fill_arrays(ain , NULL,     data,  in_ch_count,  in_sample_nb,  in_sample_fmt, 1);
-    av_samples_fill_arrays(aout, NULL, out_data, out_ch_count, out_sample_nb, out_sample_fmt, 1);
+    ret = av_samples_fill_arrays(ain , NULL,     data,  in_ch_count,  in_sample_nb,  in_sample_fmt, 1);
+    if (ret < 0)
+        goto end;
+    ret = av_samples_fill_arrays(aout, NULL, out_data, out_ch_count, out_sample_nb, out_sample_fmt, 1);
+    if (ret < 0)
+        goto end;

    count = swr_convert(swr, aout, out_sample_nb, (const uint8_t **)ain, in_sample_nb);