avcodec/dcadec: Do not explode EAGAIN

Fixes: out of array access
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DCA_fuzzer-6041088751960064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
James Almer 2023-09-17 00:05:18 +02:00 committed by Michael Niedermayer
parent 42b20c93ae
commit 13d22dc454
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64

View File

@ -217,11 +217,10 @@ static int dcadec_decode_frame(AVCodecContext *avctx, AVFrame *frame,
if (asset && (asset->extension_mask & DCA_EXSS_XLL)) {
if ((ret = ff_dca_xll_parse(&s->xll, input, asset)) < 0) {
// Conceal XLL synchronization error
if (ret == AVERROR(EAGAIN)
&& (prev_packet & DCA_PACKET_XLL)
&& (s->packet & DCA_PACKET_CORE))
s->packet |= DCA_PACKET_XLL | DCA_PACKET_RECOVERY;
else if (ret == AVERROR(ENOMEM) || (avctx->err_recognition & AV_EF_EXPLODE))
if (ret == AVERROR(EAGAIN)) {
if ((prev_packet & DCA_PACKET_XLL) && (s->packet & DCA_PACKET_CORE))
s->packet |= DCA_PACKET_XLL | DCA_PACKET_RECOVERY;
} else if (ret == AVERROR(ENOMEM) || (avctx->err_recognition & AV_EF_EXPLODE))
return ret;
} else {
s->packet |= DCA_PACKET_XLL;