From 7b24615565fd488e7e3a435102979a5ea85fe2fe Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sun, 5 Dec 2021 18:40:03 +0100
Subject: avformat/vivo: Do not use the general expression evaluator for
 parsing a floating point value

Fixes: Timeout
Fixes: 41564/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVO_fuzzer-6309014024093696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/vivo.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'libavformat')

diff --git a/libavformat/vivo.c b/libavformat/vivo.c
index b2904cd25a..6447ec7ee8 100644
--- a/libavformat/vivo.c
+++ b/libavformat/vivo.c
@@ -26,6 +26,7 @@
  * @sa http://wiki.multimedia.cx/index.php?title=Vivo
  */
 
+#include "libavutil/avstring.h"
 #include "libavutil/parseutils.h"
 #include "avformat.h"
 #include "internal.h"
@@ -206,11 +207,12 @@ static int vivo_read_header(AVFormatContext *s)
                     return AVERROR_INVALIDDATA;
                 value_used = 1;
             } else if (!strcmp(key, "FPS")) {
-                AVRational tmp;
+                double d;
+                if (av_sscanf(value, "%f", &d) != 1)
+                    return AVERROR_INVALIDDATA;
 
                 value_used = 1;
-                if (!av_parse_ratio(&tmp, value, 10000, AV_LOG_WARNING, s))
-                    fps = av_inv_q(tmp);
+                fps = av_inv_q(av_d2q(d, 10000));
             }
 
             if (!value_used)
-- 
cgit v1.2.3