Message ID | 20170728012240.5464-1-michael@niedermayer.cc |
---|---|
State | New |
On 28 July 2017 at 02:22, Michael Niedermayer <michael@niedermayer.cc> wrote: > Fixes: runtime error: shift exponent 65 is too large for 64-bit type > 'residual' (aka 'unsigned long') > Fixes: 2737/clusterfuzz-testcase-minimized-4968639147016192 > > Found-by: continuous fuzzing process https://github.com/google/oss- > fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/dirac_vlc.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/libavcodec/dirac_vlc.c b/libavcodec/dirac_vlc.c > index 773f720858..f9a6017ec0 100644 > --- a/libavcodec/dirac_vlc.c > +++ b/libavcodec/dirac_vlc.c > @@ -96,6 +96,9 @@ int ff_dirac_golomb_read_16bit(DiracGolombLUT *lut_ctx, > const uint8_t *buf, > if ((c_idx + 1) > coeffs) > return c_idx; > > + if (res_bits >= RSIZE_BITS) > + return 0; > + > if (res_bits && l->sign) { > int32_t coeff = 1; > APPEND_RESIDUE(res, l->preamble); > -- > 2.13.0 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel > Empty the residue instead of giving up. That's the better solution I think.
On Fri, Jul 28, 2017 at 02:44:34AM +0100, Rostislav Pehlivanov wrote: > On 28 July 2017 at 02:22, Michael Niedermayer <michael@niedermayer.cc> > wrote: > > > Fixes: runtime error: shift exponent 65 is too large for 64-bit type > > 'residual' (aka 'unsigned long') > > Fixes: 2737/clusterfuzz-testcase-minimized-4968639147016192 > > > > Found-by: continuous fuzzing process https://github.com/google/oss- > > fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/dirac_vlc.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/libavcodec/dirac_vlc.c b/libavcodec/dirac_vlc.c > > index 773f720858..f9a6017ec0 100644 > > --- a/libavcodec/dirac_vlc.c > > +++ b/libavcodec/dirac_vlc.c > > @@ -96,6 +96,9 @@ int ff_dirac_golomb_read_16bit(DiracGolombLUT *lut_ctx, > > const uint8_t *buf, > > if ((c_idx + 1) > coeffs) > > return c_idx; > > > > + if (res_bits >= RSIZE_BITS) > > + return 0; > > + > > if (res_bits && l->sign) { > > int32_t coeff = 1; > > APPEND_RESIDUE(res, l->preamble); > > -- > > 2.13.0 > > > > _______________________________________________ > > ffmpeg-devel mailing list > > ffmpeg-devel@ffmpeg.org > > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > > > Empty the residue instead of giving up. That's the better solution I think. you mean "res_bits = res = 0;" ? if so ill push that thx [...]
On Fri, Jul 28, 2017 at 08:50:42PM +0200, Michael Niedermayer wrote: > On Fri, Jul 28, 2017 at 02:44:34AM +0100, Rostislav Pehlivanov wrote: > > On 28 July 2017 at 02:22, Michael Niedermayer <michael@niedermayer.cc> > > wrote: > > > > > Fixes: runtime error: shift exponent 65 is too large for 64-bit type > > > 'residual' (aka 'unsigned long') > > > Fixes: 2737/clusterfuzz-testcase-minimized-4968639147016192 > > > > > > Found-by: continuous fuzzing process https://github.com/google/oss- > > > fuzz/tree/master/projects/ffmpeg > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > > --- > > > libavcodec/dirac_vlc.c | 3 +++ > > > 1 file changed, 3 insertions(+) > > > > > > diff --git a/libavcodec/dirac_vlc.c b/libavcodec/dirac_vlc.c > > > index 773f720858..f9a6017ec0 100644 > > > --- a/libavcodec/dirac_vlc.c > > > +++ b/libavcodec/dirac_vlc.c > > > @@ -96,6 +96,9 @@ int ff_dirac_golomb_read_16bit(DiracGolombLUT *lut_ctx, > > > const uint8_t *buf, > > > if ((c_idx + 1) > coeffs) > > > return c_idx; > > > > > > + if (res_bits >= RSIZE_BITS) > > > + return 0; > > > + > > > if (res_bits && l->sign) { > > > int32_t coeff = 1; > > > APPEND_RESIDUE(res, l->preamble); > > > -- > > > 2.13.0 > > > > > > _______________________________________________ > > > ffmpeg-devel mailing list > > > ffmpeg-devel@ffmpeg.org > > > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > > > > > > Empty the residue instead of giving up. That's the better solution I think. > > you mean "res_bits = res = 0;" ? > > if so ill push that applied [...]
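The two options discussed above (return 0, or `res_bits = res = 0;`) behave differently for the coefficients that were already decoded before the residue overran. The following is an added example, not FFmpeg's code: it models the accumulation loop with a hypothetical `run_t` stand-in for a LUT entry, a hypothetical 16-bit coefficient extraction, a constructed run sequence that pushes `res_bits` to 64 without a terminating `sign`, and a guard that fires exactly where the unguarded loop would shift the 64-bit residue by an exponent of 64 or more (undefined behaviour in C, which is what the fuzzer reported as "shift exponent 65"). `RSIZE_BITS = 64` is assumed from the report.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed: the residue is a 64-bit unsigned accumulator, as in the fuzzer report. */
#define RSIZE_BITS 64
typedef uint64_t residual;

/* Hypothetical stand-in for one decoded bit run (not FFmpeg's DiracGolombLUT):
 * `preamble` carries `nbits` bits of payload, `sign` ends a coefficient. */
typedef struct {
    uint8_t preamble;
    int     nbits;
    int     sign;
} run_t;

enum { POLICY_GIVE_UP = 0, POLICY_FLUSH = 1 };

/* Model of the accumulation loop.  The guard fires at the point where an
 * unguarded loop would execute `res << res_bits` with res_bits >= 64.
 * POLICY_GIVE_UP mirrors "return 0": everything decoded so far is dropped.
 * POLICY_FLUSH mirrors "res_bits = res = 0;": only the partial residue is
 * dropped and decoding continues with the next run. */
static void decode_runs(const run_t *runs, size_t n, int policy,
                        int32_t *out, int max_coeffs,
                        int *ncoeffs, int *guard_hits)
{
    residual res = 0;
    int res_bits = 0, c_idx = 0, hits = 0;

    for (size_t i = 0; i < n; i++) {
        const run_t *l = &runs[i];

        if (c_idx + 1 > max_coeffs)
            break;

        if (res_bits >= RSIZE_BITS) {
            hits++;                       /* unguarded code would be UB here */
            if (policy == POLICY_GIVE_UP) {
                c_idx = 0;                /* "return 0" */
                break;
            }
            res_bits = 0;                 /* "res_bits = res = 0;" */
            res = 0;
        }

        /* The shift exponent is now always < RSIZE_BITS, so this is defined. */
        res |= (residual)l->preamble << res_bits;
        res_bits += l->nbits;

        if (res_bits && l->sign) {
            /* Hypothetical coefficient extraction: low 16 bits of the residue. */
            out[c_idx++] = (int32_t)(res & 0xffffu);
            res = 0;
            res_bits = 0;
        }
    }
    *ncoeffs = c_idx;
    *guard_hits = hits;
}

/* Constructed input: two complete coefficients, then 64 bits of payload with
 * no terminator (so res_bits reaches 64), then a run that would trigger the
 * overflowing shift, then one more complete coefficient. */
static const run_t SAMPLE[] = {
    {1, 3, 1},                                   /* coefficient 0 = 1   */
    {2, 4, 1},                                   /* coefficient 1 = 2   */
    {1, 8, 0}, {1, 8, 0}, {1, 8, 0}, {1, 8, 0},
    {1, 8, 0}, {1, 8, 0}, {1, 8, 0}, {1, 8, 0},  /* res_bits -> 64      */
    {1, 8, 0},                                   /* guard fires here    */
    {3, 2, 1},                                   /* coefficient 2 after a flush = 0x301 */
};
#define SAMPLE_N   (sizeof(SAMPLE) / sizeof(SAMPLE[0]))
#define MAX_COEFFS 8

static int sample_ncoeffs(int policy)
{
    int32_t out[MAX_COEFFS]; int n, hits;
    decode_runs(SAMPLE, SAMPLE_N, policy, out, MAX_COEFFS, &n, &hits);
    return n;
}

static int sample_guard_hits(int policy)
{
    int32_t out[MAX_COEFFS]; int n, hits;
    decode_runs(SAMPLE, SAMPLE_N, policy, out, MAX_COEFFS, &n, &hits);
    return hits;
}

static int32_t sample_coeff(int policy, int idx)
{
    int32_t out[MAX_COEFFS]; int n, hits;
    decode_runs(SAMPLE, SAMPLE_N, policy, out, MAX_COEFFS, &n, &hits);
    return idx < n ? out[idx] : -1;
}

int main(void)
{
    printf("give up: %d coefficients, guard hit %d time(s)\n",
           sample_ncoeffs(POLICY_GIVE_UP), sample_guard_hits(POLICY_GIVE_UP));
    printf("flush:   %d coefficients, guard hit %d time(s), coeff[2]=0x%x\n",
           sample_ncoeffs(POLICY_FLUSH), sample_guard_hits(POLICY_FLUSH),
           (unsigned)sample_coeff(POLICY_FLUSH, 2));
    return 0;
}
```

Both policies stop the undefined shift; the difference is that the give-up variant reports zero coefficients for the whole block even though two were decoded cleanly before the corrupt run, while the flush variant keeps them and resynchronises on the next terminator.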
diff --git a/libavcodec/dirac_vlc.c b/libavcodec/dirac_vlc.c index 773f720858..f9a6017ec0 100644 --- a/libavcodec/dirac_vlc.c +++ b/libavcodec/dirac_vlc.c @@ -96,6 +96,9 @@ int ff_dirac_golomb_read_16bit(DiracGolombLUT *lut_ctx, const uint8_t *buf, if ((c_idx + 1) > coeffs) return c_idx; + if (res_bits >= RSIZE_BITS) + return 0; + if (res_bits && l->sign) { int32_t coeff = 1; APPEND_RESIDUE(res, l->preamble);
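Review bot: The new `return 0;` on `res_bits >= RSIZE_BITS` discards the `c_idx` coefficients already written, while the check two lines above returns `c_idx` for its early exit, so the two exits are inconsistent and the caller cannot tell a corrupt residue from an empty block. Since the only goal is to keep the shift in the residue handling below `RSIZE_BITS`, reset the accumulator and keep decoding, as agreed in the thread:
    if (res_bits >= RSIZE_BITS)
        res_bits = res = 0;
A one-line comment at that spot saying the residue overflowed on a malformed stream would also help the next reader, and the commit message should say that decoding continues rather than aborts.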
Fixes: runtime error: shift exponent 65 is too large for 64-bit type 'residual' (aka 'unsigned long') Fixes: 2737/clusterfuzz-testcase-minimized-4968639147016192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/dirac_vlc.c | 3 +++ 1 file changed, 3 insertions(+)