Message ID | 20210317231728.2130-2-michael@niedermayer.cc |
---|---|
State | New |
Headers | show |
Series | [FFmpeg-devel,1/3] avformat/mpc8: check for size overflow in mpc8_get_chunk_header() | expand |
Context | Check | Description |
---|---|---|
andriy/x86_make | success | Make finished |
andriy/x86_make_fate | success | Make fate finished |
andriy/PPC64_make | success | Make finished |
andriy/PPC64_make_fate | success | Make fate finished |
On Thu, Mar 18, 2021 at 12:17:27AM +0100, Michael Niedermayer wrote:
> Fixes: out of array access
> Fixes: 31640/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGA_fuzzer-5630883286614016
> Fixes: 31619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGA_fuzzer-5176667708456960
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavcodec/sga.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

will apply

[...]
please remove excessive whitespaces

On Thu, Mar 25, 2021 at 6:09 PM Michael Niedermayer <michael@niedermayer.cc> wrote:
> On Thu, Mar 18, 2021 at 12:17:27AM +0100, Michael Niedermayer wrote:
> > Fixes: out of array access
> > Fixes: 31640/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGA_fuzzer-5630883286614016
> > Fixes: 31619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGA_fuzzer-5176667708456960
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> > libavcodec/sga.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
>
> will apply
>
> [...]
>
> --
> Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> It's not that you shouldn't use gotos but rather that you should write
> readable code and code with gotos often but not always is less readable
diff --git a/libavcodec/sga.c b/libavcodec/sga.c index 00752a5843..881f3fa6b2 100644 --- a/libavcodec/sga.c +++ b/libavcodec/sga.c @@ -232,7 +232,7 @@ static int lzss_decompress(AVCodecContext *avctx, if (offset <= 0) offset = 1; - if (oi < offset) + if (oi < offset || oi + count * 2 > dst_size ) return AVERROR_INVALIDDATA; for (int j = 0; j < count * 2; j++) { dst[oi] = dst[oi - offset];
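Review bot: the new bound `oi + count * 2 > dst_size` is the right shape for stopping the copy loop from writing past `dst`, but the hunk does not show the type or range of `count`; if `count` is read from the bitstream with a range that is not obviously small relative to the integer type of `oi`, `oi + count * 2` can wrap before the comparison and the check passes when it should fail. Either document in a comment that `count` is bounded by its source, or compare in a form that cannot wrap (a wider type, or `count * 2 > dst_size - oi` once `oi <= dst_size` is known to hold at this point). Separately, the stray space in `dst_size )` does not match the spacing elsewhere on the line and is the whitespace the follow-up reply asks to remove.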
Fixes: out of array access
Fixes: 31640/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGA_fuzzer-5630883286614016
Fixes: 31619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGA_fuzzer-5176667708456960

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/sga.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)