Message ID | 20180417001346.8174-2-michael@niedermayer.cc |
---|---|
State | New |
Tue 2018-04-17 at 02:13 +0200, Michael Niedermayer wrote:

> Speeds up decoding from 3 to 0.1 seconds for 6302/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CINEPAK_fuzzer-5626371985375232 > Fixes: Timeout > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/cinepak.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c > index ba0589582f..17e3afc35c 100644 > --- a/libavcodec/cinepak.c > +++ b/libavcodec/cinepak.c > @@ -444,6 +444,7 @@ static int cinepak_decode_frame(AVCodecContext *avctx, > const uint8_t *buf = avpkt->data; > int ret = 0, buf_size = avpkt->size; > CinepakContext *s = avctx->priv_data; > + int num_strips; > > s->data = buf; > s->size = buf_size; > @@ -451,6 +452,12 @@ static int cinepak_decode_frame(AVCodecContext *avctx, > if (s->size < 10) > return AVERROR_INVALIDDATA; > > + num_strips = AV_RB16 (&s->data[8]); > + > + //Empty frame, do not waste time > + if (!num_strips) > + return buf_size;

Won't this break in case of palette changes?

/Tomas
On Tue, Apr 17, 2018 at 10:36:40AM +0200, Tomas Härdin wrote:

> Tue 2018-04-17 at 02:13 +0200, Michael Niedermayer wrote: > > Speeds up decoding from 3 to 0.1 seconds for 6302/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CINEPAK_fuzzer-5626371985375232 > > Fixes: Timeout > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/cinepak.c | 7 +++++++ > > 1 file changed, 7 insertions(+) > > > > diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c > > index ba0589582f..17e3afc35c 100644 > > --- a/libavcodec/cinepak.c > > +++ b/libavcodec/cinepak.c > > @@ -444,6 +444,7 @@ static int cinepak_decode_frame(AVCodecContext *avctx, > > const uint8_t *buf = avpkt->data; > > int ret = 0, buf_size = avpkt->size; > > CinepakContext *s = avctx->priv_data; > > + int num_strips; > > > > s->data = buf; > > s->size = buf_size; > > @@ -451,6 +452,12 @@ static int cinepak_decode_frame(AVCodecContext *avctx, > > if (s->size < 10) > > return AVERROR_INVALIDDATA; > > > > + num_strips = AV_RB16 (&s->data[8]); > > + > > + //Empty frame, do not waste time > > + if (!num_strips) > > + return buf_size; > > Won't this break in case of palette changes?

Well, I am not even sure this branch occurs in real-world undamaged files, but I think you are correct, it could potentially lose a palette. I'll fix this.

Thanks

[...]
diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c index ba0589582f..17e3afc35c 100644 --- a/libavcodec/cinepak.c +++ b/libavcodec/cinepak.c @@ -444,6 +444,7 @@ static int cinepak_decode_frame(AVCodecContext *avctx, const uint8_t *buf = avpkt->data; int ret = 0, buf_size = avpkt->size; CinepakContext *s = avctx->priv_data; + int num_strips; s->data = buf; s->size = buf_size; @@ -451,6 +452,12 @@ static int cinepak_decode_frame(AVCodecContext *avctx, if (s->size < 10) return AVERROR_INVALIDDATA; + num_strips = AV_RB16 (&s->data[8]); + + //Empty frame, do not waste time + if (!num_strips) + return buf_size; + if ((ret = cinepak_predecode_check(s)) < 0) { av_log(avctx, AV_LOG_ERROR, "cinepak_predecode_check failed\n"); return ret;
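Review bot: in the second hunk, the early `return buf_size;` on `!num_strips` leaves cinepak_decode_frame before anything that follows it runs, so the packet is consumed and nothing else in the function is done for it; Tomas's reply in this thread points out that this can drop a palette change and Michael agrees, so whatever per-packet handling must still happen for a zero-strip frame needs to sit above this check, or the check needs to move below it. The read itself is in bounds: `AV_RB16 (&s->data[8])` touches bytes 8 and 9 and the preceding `if (s->size < 10)` guarantees they exist. Style nit: `AV_RB16 (&s->data[8])` has a space before the opening parenthesis; `AV_RB16(&s->data[8])` reads as a macro call like the surrounding code.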
Speeds up decoding from 3 to 0.1 seconds for 6302/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CINEPAK_fuzzer-5626371985375232
Fixes: Timeout

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/cinepak.c | 7 +++++++
1 file changed, 7 insertions(+)