| Message ID | 20190926211057.13232-5-michael@niedermayer.cc |
|---|---|
| State | New |
Thu 2019-09-26 at 23:10 +0200, Michael Niedermayer wrote:
> Fixes: Timeout(103sec -> 3sec)
> Fixes: 17678/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5715436989054976
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavcodec/flicvideo.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/libavcodec/flicvideo.c b/libavcodec/flicvideo.c
> index 276c2ff2a6..e559f3d449 100644
> --- a/libavcodec/flicvideo.c
> +++ b/libavcodec/flicvideo.c
> @@ -738,6 +738,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
> for (y_ptr = 0; y_ptr < s->frame->linesize[0] * s->avctx->height;
> y_ptr += s->frame->linesize[0]) {
>
> +#if HAVE_BIGENDIAN
> pixel_countdown = s->avctx->width;
> pixel_ptr = 0;
> while (pixel_countdown > 0) {
> @@ -745,6 +746,9 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
> pixel_ptr += 2;
> pixel_countdown--;
> }
> +#else
> + bytestream2_get_buffer(&g2, pixels + y_ptr, 2*s->avctx->width);
> +#endif
> if (s->avctx->width & 1)
> bytestream2_skip(&g2, 2);
> }

Why not do the same kind of BE->LE conversion as with FLI_BRUN? Read
first, convert if necessary. They could share code even.

/Tomas
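The read-then-convert approach Tomas suggests, written out as an added example that is not part of the thread and not FFmpeg's code: the row is copied in bulk from the little-endian stream on every host, and byte-swapped in place only where the host is big-endian, so there is one code path instead of two. `ByteReader`, `decode_row_16bpp`, `decode_frame_16bpp` and the sample bytes are constructed for this illustration; a runtime endianness probe stands in for FFmpeg's `HAVE_BIGENDIAN` build macro, and short input is treated as an error rather than a silently partial row.

```c
/* Added example (not FFmpeg code): one read-then-swap path for 16bpp FLIC rows.
 * ByteReader and the decode_* helpers are constructed stand-ins for this illustration. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

typedef struct { const uint8_t *buf, *buf_end; } ByteReader;  /* stand-in for GetByteContext */

static size_t br_left(const ByteReader *r) { return (size_t)(r->buf_end - r->buf); }

/* Runtime endianness probe; FFmpeg decides this at build time via HAVE_BIGENDIAN. */
static int host_is_big_endian(void)
{
    const uint16_t probe = 0x0102;
    uint8_t first;
    memcpy(&first, &probe, 1);
    return first == 0x01;
}

static uint16_t swap16(uint16_t v) { return (uint16_t)((v << 8) | (v >> 8)); }

/* Decode one row of `width` little-endian 16-bit pixels into host-order dst.
 * Bulk copy first, then swap bytes in place only when the host is big-endian.
 * Both source and destination are bounds-checked; a short row is rejected
 * instead of leaving stale pixels in the frame. Returns 0 on success, -1 on bad input. */
static int decode_row_16bpp(ByteReader *r, uint16_t *dst, size_t dst_cap_pixels,
                            size_t width, int swap)
{
    size_t nbytes = width * 2;
    size_t pad = (width & 1) ? 2 : 0;   /* FLIC pads odd widths to an even pixel count */

    if (width > dst_cap_pixels || br_left(r) < nbytes + pad)
        return -1;
    memcpy(dst, r->buf, nbytes);
    r->buf += nbytes + pad;
    if (swap) {
        for (size_t i = 0; i < width; i++)
            dst[i] = swap16(dst[i]);
    }
    return 0;
}

/* Whole-frame loop, mirroring the row loop in the patch; stride is in pixels. */
static int decode_frame_16bpp(ByteReader *r, uint16_t *frame, size_t stride_pixels,
                              size_t width, size_t height)
{
    int swap = host_is_big_endian();
    for (size_t y = 0; y < height; y++) {
        if (decode_row_16bpp(r, frame + y * stride_pixels, stride_pixels, width, swap) < 0)
            return -1;
    }
    return 0;
}

/* Constructed sample: a 3x2 frame, each row padded to 4 pixels (8 bytes). */
static const uint8_t SAMPLE[] = {
    0x12,0x34, 0x56,0x78, 0x9A,0xBC, 0xCD,0xEF,   /* row 0 + 2 pad bytes */
    0x01,0x00, 0xFF,0x7F, 0x00,0x80, 0x00,0x00    /* row 1 + 2 pad bytes */
};

/* Returns 1 if the sample decodes to the expected host-order pixels. */
static int example_frame_ok(void)
{
    ByteReader r = { SAMPLE, SAMPLE + sizeof SAMPLE };
    uint16_t frame[2 * 4] = {0};
    static const uint16_t expect[2][3] = { {0x3412, 0x7856, 0xBC9A}, {0x0001, 0x7FFF, 0x8000} };
    if (decode_frame_16bpp(&r, frame, 4, 3, 2) != 0) return 0;
    for (int y = 0; y < 2; y++)
        for (int x = 0; x < 3; x++)
            if (frame[y * 4 + x] != expect[y][x]) return 0;
    return br_left(&r) == 0;   /* every byte consumed, padding included */
}

/* Same sample with the last byte missing: the second row must be rejected (-1). */
static int example_truncated_result(void)
{
    ByteReader r = { SAMPLE, SAMPLE + sizeof SAMPLE - 1 };
    uint16_t frame[2 * 4] = {0};
    return decode_frame_16bpp(&r, frame, 4, 3, 2);
}

int main(void)
{
    printf("frame decode ok: %d, truncated result: %d\n",
           example_frame_ok(), example_truncated_result());
    return 0;
}
```

The design choice worth noting is that the swap loop only runs on big-endian hosts, so little-endian builds get the bulk copy that removes the per-pixel loop, while big-endian builds still pay one pass over the row; both builds share the same bounds checks and the same behaviour on truncated input, which is what keeps the two from drifting apart.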
On Sat, 28 Sep 2019 at 16:52, Tomas Härdin <tjoppen@acc.umu.se> wrote:
>
> Thu 2019-09-26 at 23:10 +0200, Michael Niedermayer wrote:
> > Fixes: Timeout(103sec -> 3sec)
> > Fixes: 17678/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5715436989054976
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> > libavcodec/flicvideo.c | 4 ++++
> > 1 file changed, 4 insertions(+)
> >
> > diff --git a/libavcodec/flicvideo.c b/libavcodec/flicvideo.c
> > index 276c2ff2a6..e559f3d449 100644
> > --- a/libavcodec/flicvideo.c
> > +++ b/libavcodec/flicvideo.c
> > @@ -738,6 +738,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
> > for (y_ptr = 0; y_ptr < s->frame->linesize[0] * s->avctx->height;
> > y_ptr += s->frame->linesize[0]) {
> >
> > +#if HAVE_BIGENDIAN
> > pixel_countdown = s->avctx->width;
> > pixel_ptr = 0;
> > while (pixel_countdown > 0) {
> > @@ -745,6 +746,9 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
> > pixel_ptr += 2;
> > pixel_countdown--;
> > }
> > +#else
> > + bytestream2_get_buffer(&g2, pixels + y_ptr, 2*s->avctx->width);
> > +#endif
> > if (s->avctx->width & 1)
> > bytestream2_skip(&g2, 2);
> > }
>
> Why not do the same kind of BE->LE conversion as with FLI_BRUN? Read
> first, convert if necessary. They could share code even.

I wanted to suggest to completely remove the conversion but it was hard
to find samples and then the samples crashed on be, so I wondered if
there are more important issues...

Carl Eugen
On Sat, Sep 28, 2019 at 08:46:52PM +0200, Carl Eugen Hoyos wrote:
> On Sat, 28 Sep 2019 at 16:52, Tomas Härdin <tjoppen@acc.umu.se> wrote:
> >
> > Thu 2019-09-26 at 23:10 +0200, Michael Niedermayer wrote:
> > > Fixes: Timeout(103sec -> 3sec)
> > > Fixes: 17678/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5715436989054976
> > >
> > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > > ---
> > > libavcodec/flicvideo.c | 4 ++++
> > > 1 file changed, 4 insertions(+)
> > >
> > > diff --git a/libavcodec/flicvideo.c b/libavcodec/flicvideo.c
> > > index 276c2ff2a6..e559f3d449 100644
> > > --- a/libavcodec/flicvideo.c
> > > +++ b/libavcodec/flicvideo.c
> > > @@ -738,6 +738,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
> > > for (y_ptr = 0; y_ptr < s->frame->linesize[0] * s->avctx->height;
> > > y_ptr += s->frame->linesize[0]) {
> > >
> > > +#if HAVE_BIGENDIAN
> > > pixel_countdown = s->avctx->width;
> > > pixel_ptr = 0;
> > > while (pixel_countdown > 0) {
> > > @@ -745,6 +746,9 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
> > > pixel_ptr += 2;
> > > pixel_countdown--;
> > > }
> > > +#else
> > > + bytestream2_get_buffer(&g2, pixels + y_ptr, 2*s->avctx->width);
> > > +#endif
> > > if (s->avctx->width & 1)
> > > bytestream2_skip(&g2, 2);
> > > }
> >
> > Why not do the same kind of BE->LE conversion as with FLI_BRUN? Read
> > first, convert if necessary. They could share code even.
>
> I wanted to suggest to completely remove the conversion but it was hard
> to find samples and then the samples crashed on be, so I wondered if
> there are more important issues...

do you still have the sample that crashes on be ?

thx

[...]
diff --git a/libavcodec/flicvideo.c b/libavcodec/flicvideo.c index 276c2ff2a6..e559f3d449 100644 --- a/libavcodec/flicvideo.c +++ b/libavcodec/flicvideo.c @@ -738,6 +738,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, for (y_ptr = 0; y_ptr < s->frame->linesize[0] * s->avctx->height; y_ptr += s->frame->linesize[0]) { +#if HAVE_BIGENDIAN pixel_countdown = s->avctx->width; pixel_ptr = 0; while (pixel_countdown > 0) { @@ -745,6 +746,9 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, pixel_ptr += 2; pixel_countdown--; } +#else + bytestream2_get_buffer(&g2, pixels + y_ptr, 2*s->avctx->width); +#endif if (s->avctx->width & 1) bytestream2_skip(&g2, 2); }
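Review bot: the `#if HAVE_BIGENDIAN` opened in the first hunk (at `@@ -738,6 +738,7 @@`) is only closed by the `#else`/`#endif` of the second, so the per-pixel loop body that sits between the two hunks and is not shown in the patch now compiles solely on big-endian hosts, the build that CI and the fuzzers exercise least and the one on which Carl Eugen reports samples crashing. The alternative raised in review seems preferable: keep a single path that copies the row on every host and byte-swaps in place only under `HAVE_BIGENDIAN`, so both builds share the bounds checks and both get the timeout fix.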
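Review bot: in the second hunk (at `@@ -745,6 +746,9 @@`) the return value of `bytestream2_get_buffer(&g2, pixels + y_ptr, 2*s->avctx->width)`, the number of bytes actually copied, is discarded, so a truncated chunk is accepted silently and the rest of the row keeps whatever the frame buffer already held, whereas the loop kept under `#if HAVE_BIGENDIAN` still iterates `pixel_countdown = s->avctx->width` times; the two builds therefore produce different output for the same short input. Suggest comparing the returned length against `2*s->avctx->width` and returning `AVERROR_INVALIDDATA`, or at least breaking out of the row loop, so both paths fail the same way. The destination side looks fine: the frame was allocated for this width at 16 bits per pixel, so `linesize[0]` covers `2*s->avctx->width` bytes and `pixels + y_ptr` cannot overrun.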
Fixes: Timeout(103sec -> 3sec)
Fixes: 17678/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5715436989054976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/flicvideo.c | 4 ++++
 1 file changed, 4 insertions(+)