Message ID | 20180624211825.15682-1-michael@niedermayer.cc |
---|---|
State | Superseded |
Headers | show |
On 6/24/2018 6:18 PM, Michael Niedermayer wrote: > Fixes: Timeout > Fixes: 8722/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-4843268402577408 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/escape124.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/escape124.c b/libavcodec/escape124.c > index eb051eba54..33c67e7754 100644 > --- a/libavcodec/escape124.c > +++ b/libavcodec/escape124.c > @@ -221,7 +221,7 @@ static int escape124_decode_frame(AVCodecContext *avctx, > > // This call also guards the potential depth reads for the > // codebook unpacking. > - if (get_bits_left(&gb) < 64) > + if (get_bits_left(&gb) < 64 + s->num_superblocks * 23LL / 4320) An explanation of what these numbers and/or the overall check mean would help people reading this code in the future. > return -1; > > frame_flags = get_bits_long(&gb, 32); >
On Sun, Jun 24, 2018 at 07:00:25PM -0300, James Almer wrote: > On 6/24/2018 6:18 PM, Michael Niedermayer wrote: > > Fixes: Timeout > > Fixes: 8722/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-4843268402577408 > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/escape124.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libavcodec/escape124.c b/libavcodec/escape124.c > > index eb051eba54..33c67e7754 100644 > > --- a/libavcodec/escape124.c > > +++ b/libavcodec/escape124.c > > @@ -221,7 +221,7 @@ static int escape124_decode_frame(AVCodecContext *avctx, > > > > // This call also guards the potential depth reads for the > > // codebook unpacking. > > - if (get_bits_left(&gb) < 64) > > + if (get_bits_left(&gb) < 64 + s->num_superblocks * 23LL / 4320) > > An explanation of what these numbers and/or the overall check mean would > help people reading this code in the future. new patch sent with explanation thx [...]
diff --git a/libavcodec/escape124.c b/libavcodec/escape124.c index eb051eba54..33c67e7754 100644 --- a/libavcodec/escape124.c +++ b/libavcodec/escape124.c @@ -221,7 +221,7 @@ static int escape124_decode_frame(AVCodecContext *avctx, // This call also guards the potential depth reads for the // codebook unpacking. - if (get_bits_left(&gb) < 64) + if (get_bits_left(&gb) < 64 + s->num_superblocks * 23LL / 4320) return -1; frame_flags = get_bits_long(&gb, 32);
Fixes: Timeout Fixes: 8722/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-4843268402577408 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/escape124.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)