diff mbox series

[FFmpeg-devel] avcodec/h263dec: Check input size before GEOV/GEOX special case handling

Message ID 20220225152940.26446-1-michael@niedermayer.cc
State New
Headers show
Series [FFmpeg-devel] avcodec/h263dec: Check input size before GEOV/GEOX special case handling | expand

Checks

Context Check Description
yinshiyou/make_loongarch64 success Make finished
yinshiyou/make_fate_loongarch64 success Make fate finished
andriy/make_aarch64_jetson success Make finished
andriy/make_fate_aarch64_jetson success Make fate finished
andriy/make_armv7_RPi4 success Make finished
andriy/make_fate_armv7_RPi4 success Make fate finished

Commit Message

Michael Niedermayer Feb. 25, 2022, 3:29 p.m. UTC 
Fixes: Timeout
Fixes: 44921/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6546588791603200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/h263dec.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Andreas Rheinhardt Feb. 25, 2022, 8:22 p.m. UTC | #1 
Michael Niedermayer:
> Fixes: Timeout
> Fixes: 44921/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6546588791603200
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/h263dec.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c
> index e940b7f7c7..56a41f6d05 100644
> --- a/libavcodec/h263dec.c
> +++ b/libavcodec/h263dec.c
> @@ -702,6 +702,7 @@ frame_end:
>  
>      if (s->last_picture_ptr || s->low_delay) {
>          if (   pict->format == AV_PIX_FMT_YUV420P
> +            && buf_size*16LL > s->mb_num
>              && (s->codec_tag == AV_RL32("GEOV") || s->codec_tag == AV_RL32("GEOX"))) {
>              int x, y, p;
>              av_frame_make_writable(pict);

Does https://ffmpeg.org/pipermail/ffmpeg-devel/2022-February/293358.html
not fix the timeout?

- Andreas
Michael Niedermayer Feb. 25, 2022, 9:06 p.m. UTC | #2 
On Fri, Feb 25, 2022 at 09:22:14PM +0100, Andreas Rheinhardt wrote:
> Michael Niedermayer:
> > Fixes: Timeout
> > Fixes: 44921/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6546588791603200
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/h263dec.c | 1 +
> >  1 file changed, 1 insertion(+)
> > 
> > diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c
> > index e940b7f7c7..56a41f6d05 100644
> > --- a/libavcodec/h263dec.c
> > +++ b/libavcodec/h263dec.c
> > @@ -702,6 +702,7 @@ frame_end:
> >  
> >      if (s->last_picture_ptr || s->low_delay) {
> >          if (   pict->format == AV_PIX_FMT_YUV420P
> > +            && buf_size*16LL > s->mb_num
> >              && (s->codec_tag == AV_RL32("GEOV") || s->codec_tag == AV_RL32("GEOX"))) {
> >              int x, y, p;
> >              av_frame_make_writable(pict);
> 
> Does https://ffmpeg.org/pipermail/ffmpeg-devel/2022-February/293358.html
> not fix the timeout?

that should work too and is better, consider my patch withdrawn

thx
diff mbox series

Patch

diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c
index e940b7f7c7..56a41f6d05 100644
--- a/libavcodec/h263dec.c
+++ b/libavcodec/h263dec.c
@@ -702,6 +702,7 @@  frame_end:
 
     if (s->last_picture_ptr || s->low_delay) {
         if (   pict->format == AV_PIX_FMT_YUV420P
+            && buf_size*16LL > s->mb_num
             && (s->codec_tag == AV_RL32("GEOV") || s->codec_tag == AV_RL32("GEOX"))) {
             int x, y, p;
             av_frame_make_writable(pict);