Message ID | 20190926211057.13232-1-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | b3c25263d1ee1aa14a0e69c9423f5bd4cacfb4ce |
lgtm On 9/26/19, Michael Niedermayer <michael@niedermayer.cc> wrote: > Improves: Timeout (85sec -> 46sec) > Improves: > 17644/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5715704283660288 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/scpr.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/libavcodec/scpr.c b/libavcodec/scpr.c > index ab4d5b57df..2a0ebcecfc 100644 > --- a/libavcodec/scpr.c > +++ b/libavcodec/scpr.c > @@ -534,6 +534,9 @@ static int decode_frame(AVCodecContext *avctx, void > *data, int *got_frame, > uint32_t clr, *dst = (uint32_t *)s->current_frame->data[0]; > int y; > > + if (bytestream2_get_bytes_left(gb) < 3) > + return AVERROR_INVALIDDATA; > + > frame->key_frame = 1; > bytestream2_skip(gb, 1); > if (avctx->bits_per_coded_sample == 16) { > -- > 2.23.0 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
On Tue, Oct 08, 2019 at 05:57:53PM +0200, Paul B Mahol wrote:
> lgtm

will apply

thx

[...]
diff --git a/libavcodec/scpr.c b/libavcodec/scpr.c index ab4d5b57df..2a0ebcecfc 100644 --- a/libavcodec/scpr.c +++ b/libavcodec/scpr.c @@ -534,6 +534,9 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, uint32_t clr, *dst = (uint32_t *)s->current_frame->data[0]; int y; + if (bytestream2_get_bytes_left(gb) < 3) + return AVERROR_INVALIDDATA; + frame->key_frame = 1; bytestream2_skip(gb, 1); if (avctx->bits_per_coded_sample == 16) {
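Review bot: the literal 3 in `if (bytestream2_get_bytes_left(gb) < 3)` has no comment saying which header bytes it accounts for; the visible context only shows `bytestream2_skip(gb, 1)` followed by the `avctx->bits_per_coded_sample == 16` branch, so a reader cannot tell from the hunk alone why three bytes is the minimum rather than one or two. A one-line comment on the check naming the fields it guards would keep the constant in sync if the header parsing in decode_frame changes later. Returning before `frame->key_frame = 1` is the right ordering: on a truncated buffer the frame is left untouched and AVERROR_INVALIDDATA propagates instead of the decoder spinning on the remaining input, which is what the reported fuzzer timeout improvement relies on.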
Improves: Timeout (85sec -> 46sec)
Improves: 17644/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5715704283660288

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/scpr.c | 3 +++
1 file changed, 3 insertions(+)