Message ID | 20190615220056.21784-4-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 2603f25d326476a83f5d093b522590b05b6e703b |
On Sun, Jun 16, 2019 at 12:00:55AM +0200, Michael Niedermayer wrote: > Fixes: Direct leak of 536 byte(s) in 1 object(s) > Fixes: 15266/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5629530426834944 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/bink.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/libavcodec/bink.c b/libavcodec/bink.c > index d0f1b39321..8392bbeeb0 100644 > --- a/libavcodec/bink.c > +++ b/libavcodec/bink.c > @@ -1333,13 +1333,13 @@ static av_cold int decode_init(AVCodecContext *avctx) > } > c->avctx = avctx; > > + if ((ret = av_image_check_size(avctx->width, avctx->height, 0, avctx)) < 0) > + return ret; > + > c->last = av_frame_alloc(); > if (!c->last) > return AVERROR(ENOMEM); > > - if ((ret = av_image_check_size(avctx->width, avctx->height, 0, avctx)) < 0) > - return ret; > - > avctx->pix_fmt = c->has_alpha ? AV_PIX_FMT_YUVA420P : AV_PIX_FMT_YUV420P; > avctx->color_range = c->version == 'k' ? AVCOL_RANGE_JPEG : AVCOL_RANGE_MPEG; > > -- > 2.21.0 lgtm. please apply. -- Peter (A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
On Sun, Jun 16, 2019 at 12:37:32PM +1000, Peter Ross wrote: > On Sun, Jun 16, 2019 at 12:00:55AM +0200, Michael Niedermayer wrote: > > Fixes: Direct leak of 536 byte(s) in 1 object(s) > > Fixes: 15266/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5629530426834944 > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/bink.c | 6 +++--- > > 1 file changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/libavcodec/bink.c b/libavcodec/bink.c > > index d0f1b39321..8392bbeeb0 100644 > > --- a/libavcodec/bink.c > > +++ b/libavcodec/bink.c > > @@ -1333,13 +1333,13 @@ static av_cold int decode_init(AVCodecContext *avctx) > > } > > c->avctx = avctx; > > > > + if ((ret = av_image_check_size(avctx->width, avctx->height, 0, avctx)) < 0) > > + return ret; > > + > > c->last = av_frame_alloc(); > > if (!c->last) > > return AVERROR(ENOMEM); > > > > - if ((ret = av_image_check_size(avctx->width, avctx->height, 0, avctx)) < 0) > > - return ret; > > - > > avctx->pix_fmt = c->has_alpha ? AV_PIX_FMT_YUVA420P : AV_PIX_FMT_YUV420P; > > avctx->color_range = c->version == 'k' ? AVCOL_RANGE_JPEG : AVCOL_RANGE_MPEG; > > > > -- > > 2.21.0 > > lgtm. please apply. will apply thx [...]
On 6/15/2019 7:00 PM, Michael Niedermayer wrote: > Fixes: Direct leak of 536 byte(s) in 1 object(s) > Fixes: 15266/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5629530426834944 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/bink.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/libavcodec/bink.c b/libavcodec/bink.c > index d0f1b39321..8392bbeeb0 100644 > --- a/libavcodec/bink.c > +++ b/libavcodec/bink.c > @@ -1333,13 +1333,13 @@ static av_cold int decode_init(AVCodecContext *avctx) > } > c->avctx = avctx; > > + if ((ret = av_image_check_size(avctx->width, avctx->height, 0, avctx)) < 0) > + return ret; > + > c->last = av_frame_alloc(); > if (!c->last) > return AVERROR(ENOMEM); > > - if ((ret = av_image_check_size(avctx->width, avctx->height, 0, avctx)) < 0) > - return ret; > - > avctx->pix_fmt = c->has_alpha ? AV_PIX_FMT_YUVA420P : AV_PIX_FMT_YUV420P; > avctx->color_range = c->version == 'k' ? AVCOL_RANGE_JPEG : AVCOL_RANGE_MPEG; This can also be fixed by adding the FF_CODEC_CAP_INIT_CLEANUP flag to caps_internal instead.
diff --git a/libavcodec/bink.c b/libavcodec/bink.c index d0f1b39321..8392bbeeb0 100644 --- a/libavcodec/bink.c +++ b/libavcodec/bink.c @@ -1333,13 +1333,13 @@ static av_cold int decode_init(AVCodecContext *avctx) } c->avctx = avctx; + if ((ret = av_image_check_size(avctx->width, avctx->height, 0, avctx)) < 0) + return ret; + c->last = av_frame_alloc(); if (!c->last) return AVERROR(ENOMEM); - if ((ret = av_image_check_size(avctx->width, avctx->height, 0, avctx)) < 0) - return ret; - avctx->pix_fmt = c->has_alpha ? AV_PIX_FMT_YUVA420P : AV_PIX_FMT_YUV420P; avctx->color_range = c->version == 'k' ? AVCOL_RANGE_JPEG : AVCOL_RANGE_MPEG;
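Review bot: the leak fix in decode_init depends purely on statement order, with av_image_check_size() now placed ahead of c->last = av_frame_alloc(), and nothing in the hunk documents that constraint. Any fallible step later added between the allocation and the end of decode_init with a bare "return ret;" would bring back the same leak of c->last. Consider a one-line comment above the moved check saying that fallible checks must precede the allocation, or take the route raised in the thread and set FF_CODEC_CAP_INIT_CLEANUP in caps_internal so a failed init is cleaned up regardless of order. The commit message would also be clearer if it named the leaked object (c->last) and the failing path (the size check returning an error) rather than only quoting the fuzzer's report line.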
Fixes: Direct leak of 536 byte(s) in 1 object(s) Fixes: 15266/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5629530426834944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/bink.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)