avcodec/wavpack: Do not allow the sample format to change between channels

Fixes: out of array access Fixes: 22692/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5678686190960640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: David Bryant <david@wavpack.com> Tested-by: David Bryant <david@wavpack.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2020-06-03 21:13:47 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2020-06-04 23:09:07 +0200
commit: bafaf95116b78ab58dbbcbf15f9c3a7c3a123fbd (patch)
tree: cdbc21ec848989b336c730e2983860ff608fa49f /libavcodec/wavpack.c
parent: e34686d7acdd2d2562286753a727e100cedd6393 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index ead57063c8..f77548e5a5 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -1129,6 +1129,9 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no,
     else
         sample_fmt          = AV_SAMPLE_FMT_S32P;
 
+    if (wc->ch_offset && avctx->sample_fmt != sample_fmt)
+        return AVERROR_INVALIDDATA;
+
     bpp            = av_get_bytes_per_sample(sample_fmt);
     orig_bpp       = ((s->frame_flags & 0x03) + 1) << 3;
     multiblock     = (s->frame_flags & WV_SINGLE_BLOCK) != WV_SINGLE_BLOCK;
author	Michael Niedermayer <michael@niedermayer.cc>	2020-06-03 21:13:47 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2020-06-04 23:09:07 +0200
commit	bafaf95116b78ab58dbbcbf15f9c3a7c3a123fbd (patch)
tree	cdbc21ec848989b336c730e2983860ff608fa49f /libavcodec/wavpack.c
parent	e34686d7acdd2d2562286753a727e100cedd6393 (diff)