| Message ID | 20220613001021.8065-3-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | b14104a6376cd774b08cbe5fda56b34320a41b2e |
| Headers | show |
| Series | [FFmpeg-devel,1/3] tools/target_dec_fuzzer: Adjust threshold for SIMBIOSIS_IMX | expand |
| Context | Check | Description |
|---|---|---|
| andriy/make_x86 | success | Make finished |
| andriy/make_fate_x86 | success | Make fate finished |
| andriy/make_armv7_RPi4 | success | Make finished |
| andriy/make_fate_armv7_RPi4 | success | Make fate finished |
Have you checked this with longer samples?
On Mon, Jun 13, 2022 at 10:02:24AM +0200, Paul B Mahol wrote:
> Have you checked this with longer samples?
ive tested it with the files in the bink directory on samples
anything else i should test it with ?
thx
[...]
On Mon, Jun 13, 2022 at 11:55 PM Michael Niedermayer <michael@niedermayer.cc> wrote: > On Mon, Jun 13, 2022 at 10:02:24AM +0200, Paul B Mahol wrote: > > Have you checked this with longer samples? > > ive tested it with the files in the bink directory on samples > anything else i should test it with ? > Something longer, where is big gap between keyframes. > > thx > > [...] > -- > Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB > > The educated differ from the uneducated as much as the living from the > dead. -- Aristotle > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". >
On Tue, Jun 14, 2022 at 12:01:14AM +0200, Paul B Mahol wrote: > On Mon, Jun 13, 2022 at 11:55 PM Michael Niedermayer <michael@niedermayer.cc> > wrote: > > > On Mon, Jun 13, 2022 at 10:02:24AM +0200, Paul B Mahol wrote: > > > Have you checked this with longer samples? > > > > ive tested it with the files in the bink directory on samples > > anything else i should test it with ? > > > > Something longer, where is big gap between keyframes. I would have thought that some of the 46 files in the samples archieve would have adequate gaps. Can you share some better test file ? thx [...]
On Tue, Jun 14, 2022 at 12:09:59AM +0200, Michael Niedermayer wrote: > On Tue, Jun 14, 2022 at 12:01:14AM +0200, Paul B Mahol wrote: > > On Mon, Jun 13, 2022 at 11:55 PM Michael Niedermayer <michael@niedermayer.cc> > > wrote: > > > > > On Mon, Jun 13, 2022 at 10:02:24AM +0200, Paul B Mahol wrote: > > > > Have you checked this with longer samples? > > > > > > ive tested it with the files in the bink directory on samples > > > anything else i should test it with ? > > > > > > > Something longer, where is big gap between keyframes. > > I would have thought that some of the 46 files in the samples archieve > would have adequate gaps. > Can you share some better test file ? ping ? anyone has more files i should test ? if not, i suggest to apply this thx [...]
On Tue, Jul 12, 2022 at 08:20:18PM +0200, Michael Niedermayer wrote: > On Tue, Jun 14, 2022 at 12:09:59AM +0200, Michael Niedermayer wrote: > > On Tue, Jun 14, 2022 at 12:01:14AM +0200, Paul B Mahol wrote: > > > On Mon, Jun 13, 2022 at 11:55 PM Michael Niedermayer <michael@niedermayer.cc> > > > wrote: > > > > > > > On Mon, Jun 13, 2022 at 10:02:24AM +0200, Paul B Mahol wrote: > > > > > Have you checked this with longer samples? > > > > > > > > ive tested it with the files in the bink directory on samples > > > > anything else i should test it with ? > > > > > > > > > > Something longer, where is big gap between keyframes. > > > > I would have thought that some of the 46 files in the samples archieve > > would have adequate gaps. > > Can you share some better test file ? > > ping ? > anyone has more files i should test ? > if not, i suggest to apply this google will publish this report in 5 days just a reminder this is a out of array write and it will be very easily searchable so anyone looking for unfixed bugs to exploit will try to exploit this thx [...]
Quoting Michael Niedermayer (2022-09-02 00:34:36) > On Tue, Jul 12, 2022 at 08:20:18PM +0200, Michael Niedermayer wrote: > > On Tue, Jun 14, 2022 at 12:09:59AM +0200, Michael Niedermayer wrote: > > > On Tue, Jun 14, 2022 at 12:01:14AM +0200, Paul B Mahol wrote: > > > > On Mon, Jun 13, 2022 at 11:55 PM Michael Niedermayer <michael@niedermayer.cc> > > > > wrote: > > > > > > > > > On Mon, Jun 13, 2022 at 10:02:24AM +0200, Paul B Mahol wrote: > > > > > > Have you checked this with longer samples? > > > > > > > > > > ive tested it with the files in the bink directory on samples > > > > > anything else i should test it with ? > > > > > > > > > > > > > Something longer, where is big gap between keyframes. > > > > > > I would have thought that some of the 46 files in the samples archieve > > > would have adequate gaps. > > > Can you share some better test file ? > > > > ping ? > > anyone has more files i should test ? > > if not, i suggest to apply this > > google will publish this report in 5 days > just a reminder this is a out of array write and it will be very easily > searchable so anyone looking for unfixed bugs to exploit will try to > exploit this Then push the patch and see if anyone comes up with any samples.
On Fri, Sep 02, 2022 at 09:11:26AM +0200, Anton Khirnov wrote: > Quoting Michael Niedermayer (2022-09-02 00:34:36) > > On Tue, Jul 12, 2022 at 08:20:18PM +0200, Michael Niedermayer wrote: > > > On Tue, Jun 14, 2022 at 12:09:59AM +0200, Michael Niedermayer wrote: > > > > On Tue, Jun 14, 2022 at 12:01:14AM +0200, Paul B Mahol wrote: > > > > > On Mon, Jun 13, 2022 at 11:55 PM Michael Niedermayer <michael@niedermayer.cc> > > > > > wrote: > > > > > > > > > > > On Mon, Jun 13, 2022 at 10:02:24AM +0200, Paul B Mahol wrote: > > > > > > > Have you checked this with longer samples? > > > > > > > > > > > > ive tested it with the files in the bink directory on samples > > > > > > anything else i should test it with ? > > > > > > > > > > > > > > > > Something longer, where is big gap between keyframes. > > > > > > > > I would have thought that some of the 46 files in the samples archieve > > > > would have adequate gaps. > > > > Can you share some better test file ? > > > > > > ping ? > > > anyone has more files i should test ? > > > if not, i suggest to apply this > > > > google will publish this report in 5 days > > just a reminder this is a out of array write and it will be very easily > > searchable so anyone looking for unfixed bugs to exploit will try to > > exploit this > > Then push the patch and see if anyone comes up with any samples. will do thx [...]
diff --git a/libavcodec/bink.c b/libavcodec/bink.c index ce740ad275..ed4406d97d 100644 --- a/libavcodec/bink.c +++ b/libavcodec/bink.c @@ -1088,7 +1088,7 @@ static int bink_decode_plane(BinkContext *c, AVFrame *frame, GetBitContext *gb, for (bx = 0; bx < bw; bx++, dst += 8, prev += 8) { blk = get_value(c, BINK_SRC_BLOCK_TYPES); // 16x16 block type on odd line means part of the already decoded block, so skip it - if ((by & 1) && blk == SCALED_BLOCK) { + if (((by & 1) || (bx & 1)) && blk == SCALED_BLOCK) { bx++; dst += 8; prev += 8;
Fixes: out of array access Fixes: 47911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6194020855971840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/bink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)