
[FFmpeg-devel] avcodec/flicvideo: Check for chunk overread

Message ID 20170501225434.4834-1-michael@niedermayer.cc
State Accepted
Commit d2657d225c14fcb560199ef0cefe34f76270ad92

Commit Message

Michael Niedermayer May 1, 2017, 10:54 p.m. UTC
Fixes integer overflow
Fixes: 1292/clusterfuzz-testcase-minimized-5795512143839232

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/flicvideo.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

Comments

Michael Niedermayer May 4, 2017, 5:52 p.m. UTC | #1
On Tue, May 02, 2017 at 12:54:34AM +0200, Michael Niedermayer wrote:
> Fixes integer overflow
> Fixes: 1292/clusterfuzz-testcase-minimized-5795512143839232
> 
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/flicvideo.c | 20 +++++++++++++++++++-
>  1 file changed, 19 insertions(+), 1 deletion(-)

applied

[...]

Patch

diff --git a/libavcodec/flicvideo.c b/libavcodec/flicvideo.c
index b1b7b5a42f..7f9b871dc7 100644
--- a/libavcodec/flicvideo.c
+++ b/libavcodec/flicvideo.c
@@ -444,8 +444,12 @@  static int flic_decode_frame_8BPP(AVCodecContext *avctx,
             break;
         }
 
-        if (stream_ptr_after_chunk - bytestream2_tell(&g2) > 0)
+        if (stream_ptr_after_chunk - bytestream2_tell(&g2) >= 0) {
             bytestream2_skip(&g2, stream_ptr_after_chunk - bytestream2_tell(&g2));
+        } else {
+            av_log(avctx, AV_LOG_ERROR, "Chunk overread\n");
+            break;
+        }
 
         frame_size -= chunk_size;
         num_chunks--;
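Review bot: The new `else` branch logs the overread and then only `break`s out of the chunk loop, so nothing in this hunk makes the decode call itself fail. Once the read position is past `stream_ptr_after_chunk`, the chunk handler has already consumed bytes beyond the declared chunk end as image or palette data. Whether the code after the loop rejects the frame is not visible, since flic_decode_frame_8BPP continues outside the hunk; if it does not, the caller gets a frame built from a malformed chunk with only a log line as evidence. Consider `return AVERROR_INVALIDDATA;` in place of `break;` (provided no cleanup after the loop is required), at least when strict error detection is requested. The same applies to the identical branches added in flic_decode_frame_15_16BPP and flic_decode_frame_24BPP.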
@@ -742,6 +746,13 @@  static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
             break;
         }
 
+        if (stream_ptr_after_chunk - bytestream2_tell(&g2) >= 0) {
+            bytestream2_skip(&g2, stream_ptr_after_chunk - bytestream2_tell(&g2));
+        } else {
+            av_log(avctx, AV_LOG_ERROR, "Chunk overread\n");
+            break;
+        }
+
         frame_size -= chunk_size;
         num_chunks--;
     }
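Review bot: `stream_ptr_after_chunk - bytestream2_tell(&g2)` is evaluated twice in the added block, once for the test and once as the skip length. Storing it in a local first, e.g. `int left = stream_ptr_after_chunk - bytestream2_tell(&g2);` (assuming both operands are `int`, which the hunk does not show), makes it obvious that the value tested is the value skipped. The block is also a verbatim copy of the one in flic_decode_frame_8BPP and is repeated again in flic_decode_frame_24BPP; a small `static` helper taking `avctx`, `&g2` and `stream_ptr_after_chunk` would keep the three bounds checks from drifting apart. A one-line comment such as `/* handler read past the declared chunk end: stop decoding */` above the `else` would record why the negative case is treated as an error.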
@@ -1016,6 +1027,13 @@  static int flic_decode_frame_24BPP(AVCodecContext *avctx,
             break;
         }
 
+        if (stream_ptr_after_chunk - bytestream2_tell(&g2) >= 0) {
+            bytestream2_skip(&g2, stream_ptr_after_chunk - bytestream2_tell(&g2));
+        } else {
+            av_log(avctx, AV_LOG_ERROR, "Chunk overread\n");
+            break;
+        }
+
         frame_size -= chunk_size;
         num_chunks--;
     }