| Message ID | 20190925100120.12305-2-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | e7113704b2ae6bcf4ab8ed3fbb098c9aab0d5df2 |
On Wed, Sep 25, 2019 at 12:01:18PM +0200, Michael Niedermayer wrote:
> Fixes: Timeout (149sec ->1sec)
> Fixes: 17311/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CAVS_fuzzer-5679368642232320
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavcodec/cavsdec.c | 14 ++++++++++++--
> tests/ref/fate/cavs | 2 +-
> 2 files changed, 13 insertions(+), 3 deletions(-)

will apply

[...]
Michael Niedermayer:
> On Wed, Sep 25, 2019 at 12:01:18PM +0200, Michael Niedermayer wrote:
>> Fixes: Timeout (149sec ->1sec)
>> Fixes: 17311/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CAVS_fuzzer-5679368642232320
>>
>> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
>> ---
>> libavcodec/cavsdec.c | 14 ++++++++++++--
>> tests/ref/fate/cavs | 2 +-
>> 2 files changed, 13 insertions(+), 3 deletions(-)
>
> will apply
>
> [...]
>
>
apparently this patch broke FATE, although you updated the ref file for the cavs test; it seems you changed the code again after updating the ref file.

- Andreas
On Thu, Oct 17, 2019 at 04:07:00AM +0000, Andreas Rheinhardt wrote:
> Michael Niedermayer:
> > On Wed, Sep 25, 2019 at 12:01:18PM +0200, Michael Niedermayer wrote:
> >> Fixes: Timeout (149sec ->1sec)
> >> Fixes: 17311/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CAVS_fuzzer-5679368642232320
> >>
> >> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> >> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> >> ---
> >> libavcodec/cavsdec.c | 14 ++++++++++++--
> >> tests/ref/fate/cavs | 2 +-
> >> 2 files changed, 13 insertions(+), 3 deletions(-)
> >
> > will apply
> >
> > [...]
> >
> >
> apparently this patch broke FATE, although you updated the ref file
> for the cavs test; it seems you changed the code again after updating
> the ref file.

For the archives: that was fixed shortly after in 0279e727e99282dfa6c7019f468cb217543be243.

I did just now receive your mail though; it was stuck in a "Junk" folder inaccessible through POP3.

Thanks

[...]
diff --git a/libavcodec/cavsdec.c b/libavcodec/cavsdec.c index 1c4f71824a..436f902ab3 100644 --- a/libavcodec/cavsdec.c +++ b/libavcodec/cavsdec.c @@ -1101,11 +1101,16 @@ static int decode_pic(AVSContext *h) do { if (check_for_slice(h)) skip_count = -1; - if (h->skip_mode_flag && (skip_count < 0)) + if (h->skip_mode_flag && (skip_count < 0)) { + if (get_bits_left(&h->gb) < 1) + break; skip_count = get_ue_golomb(&h->gb); + } if (h->skip_mode_flag && skip_count--) { decode_mb_p(h, P_SKIP); } else { + if (get_bits_left(&h->gb) < 1) + break; mb_type = get_ue_golomb(&h->gb) + P_SKIP + h->skip_mode_flag; if (mb_type > P_8X8) ret = decode_mb_i(h, mb_type - P_8X8 - 1); @@ -1119,11 +1124,16 @@ static int decode_pic(AVSContext *h) do { if (check_for_slice(h)) skip_count = -1; - if (h->skip_mode_flag && (skip_count < 0)) + if (h->skip_mode_flag && (skip_count < 0)) { + if (get_bits_left(&h->gb) < 1) + break; skip_count = get_ue_golomb(&h->gb); + } if (h->skip_mode_flag && skip_count--) { ret = decode_mb_b(h, B_SKIP); } else { + if (get_bits_left(&h->gb) < 1) + break; mb_type = get_ue_golomb(&h->gb) + B_SKIP + h->skip_mode_flag; if (mb_type > B_8X8) ret = decode_mb_i(h, mb_type - B_8X8 - 1); diff --git a/tests/ref/fate/cavs b/tests/ref/fate/cavs index ddcbe04d15..4c3d127fa3 100644 --- a/tests/ref/fate/cavs +++ b/tests/ref/fate/cavs @@ -172,4 +172,4 @@ 0, 166, 166, 1, 622080, 0x05496a5d 0, 167, 167, 1, 622080, 0xdcb4cee8 0, 168, 168, 1, 622080, 0xb41172e5 -0, 169, 169, 1, 622080, 0x56c72478 +0, 169, 169, 1, 622080, 0x26146e0b
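Review bot: in the first hunk (the P-macroblock loop in decode_pic), both new `if (get_bits_left(&h->gb) < 1) break;` guards leave the do-while silently, so a picture whose bitstream ends mid-loop is finished as if it were complete, with `ret` still holding whatever the last `decode_mb_i` call returned. Consider setting `ret = AVERROR_INVALIDDATA` (or at least logging the truncation) before the `break` so callers can tell a truncated picture from a good one. Note also that one remaining bit is only the minimum a ue(v) code needs: the `get_ue_golomb` calls that follow can still return a meaningless `skip_count` or `mb_type` from the last few bits; that is acceptable for terminating the loop, but a short comment saying so would help the next reader.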
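Review bot: the second hunk (the B-macroblock loop) adds the same four lines as the P-loop hunk, verbatim, before each `get_ue_golomb` read; consider factoring the `get_bits_left(&h->gb) < 1` / `break` pair into a small static helper or macro so the two loops cannot drift apart, and give both loops the same error signalling. The guard covers only the two ue(v) reads in the loop itself; whether `decode_mb_b` and `decode_mb_i` need matching protection for the bits they consume for the macroblock is not addressed by this patch and is worth stating in the commit message either way.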
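Review bot: in the tests/ref/fate/cavs hunk only the checksum of the last frame (169) changes, which is consistent with that picture's data ending early and the new `break` now stopping decoding instead of reading past the end, but the commit message gives no reason for the output of an existing FATE sample changing; add a sentence explaining it. As the thread notes, this reference also did not match the code that was actually committed (the test broke and was corrected in 0279e727e99282dfa6c7019f468cb217543be243), so the ref file should be regenerated against the final version of the patch before it is applied.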
Fixes: Timeout (149sec ->1sec)
Fixes: 17311/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CAVS_fuzzer-5679368642232320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/cavsdec.c | 14 ++++++++++++--
tests/ref/fate/cavs | 2 +-
2 files changed, 13 insertions(+), 3 deletions(-)