Message ID | 20190519154204.6291-1-michael@niedermayer.cc |
---|---|
State | New |
On Sun, May 19, 2019 at 05:42:04PM +0200, Michael Niedermayer wrote:
> Fixes: Timeout (14sec -> 29ms)
> Fixes: 14733/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CPIA_fuzzer-5707022445576192
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavcodec/cpia.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

This is untested against valid streams, due to lack of such input

Thanks

[...]
Am So., 19. Mai 2019 um 17:43 Uhr schrieb Michael Niedermayer <michael@niedermayer.cc>: > > Fixes: Timeout (14sec -> 29ms) > Fixes: 14733/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CPIA_fuzzer-5707022445576192 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/cpia.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/cpia.c b/libavcodec/cpia.c > index 119969389e..2e78fcff7a 100644 > --- a/libavcodec/cpia.c > +++ b/libavcodec/cpia.c > @@ -63,7 +63,7 @@ static int cpia_decode_frame(AVCodecContext *avctx, > uint8_t *y, *u, *v; > > // Check header > - if ( avpkt->size < FRAME_HEADER_SIZE > + if ( avpkt->size < FRAME_HEADER_SIZE + avctx->height*3 lgtm except for the missing whitespace that is constantly present in the file. Carl Eugen
On Mon, May 20, 2019 at 10:14:46AM +0200, Carl Eugen Hoyos wrote: > Am So., 19. Mai 2019 um 17:43 Uhr schrieb Michael Niedermayer > <michael@niedermayer.cc>: > > > > Fixes: Timeout (14sec -> 29ms) > > Fixes: 14733/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CPIA_fuzzer-5707022445576192 > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/cpia.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libavcodec/cpia.c b/libavcodec/cpia.c > > index 119969389e..2e78fcff7a 100644 > > --- a/libavcodec/cpia.c > > +++ b/libavcodec/cpia.c > > @@ -63,7 +63,7 @@ static int cpia_decode_frame(AVCodecContext *avctx, > > uint8_t *y, *u, *v; > > > > // Check header > > - if ( avpkt->size < FRAME_HEADER_SIZE > > + if ( avpkt->size < FRAME_HEADER_SIZE + avctx->height*3 > > lgtm except for the missing whitespace that is constantly present in the file. add whitespace, will apply thx [...]
diff --git a/libavcodec/cpia.c b/libavcodec/cpia.c index 119969389e..2e78fcff7a 100644 --- a/libavcodec/cpia.c +++ b/libavcodec/cpia.c @@ -63,7 +63,7 @@ static int cpia_decode_frame(AVCodecContext *avctx, uint8_t *y, *u, *v; // Check header - if ( avpkt->size < FRAME_HEADER_SIZE + if ( avpkt->size < FRAME_HEADER_SIZE + avctx->height*3 || header[0] != MAGIC_0 || header[1] != MAGIC_1 || (header[17] != SUBSAMPLE_420 && header[17] != SUBSAMPLE_422) || (header[18] != YUVORDER_YUYV && header[18] != YUVORDER_UYVY)
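Review bot: the new lower bound `avpkt->size < FRAME_HEADER_SIZE + avctx->height*3` in cpia_decode_frame encodes a per-line minimum of 3 bytes without any comment saying what those bytes are; a one-line comment above the check, or a named constant beside FRAME_HEADER_SIZE, would let the next reader verify the bound instead of trusting it, and the expression should be written `avctx->height * 3` to match the spacing used elsewhere in the file, as already noted in the thread. Since the cover note says the change is untested against valid streams, it is also worth confirming that 3 bytes per line is a true minimum for every frame the decoder accepts, because a bound that is too strict turns a timeout fix into a rejection of legitimate input.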
Fixes: Timeout (14sec -> 29ms)
Fixes: 14733/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CPIA_fuzzer-5707022445576192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/cpia.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)