Message ID | 20170225200726.7928-2-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 0716bcce5bdc6299da2966f34cb62eba3f709be8 |
On 2/25/17, Michael Niedermayer <michael@niedermayer.cc> wrote:
> Fixes invalid shift
>
> Fixes: 670/clusterfuzz-testcase-4852021066727424
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/ituh263dec.c | 3 +++
>  1 file changed, 3 insertions(+)
>

How does this fix the invalid shift? Someone could manually add a bunch of zero bits at the right place.
On Sat, Feb 25, 2017 at 10:03:58PM +0100, Paul B Mahol wrote:
> On 2/25/17, Michael Niedermayer <michael@niedermayer.cc> wrote:
> > Fixes invalid shift
> >
> > Fixes: 670/clusterfuzz-testcase-4852021066727424
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/ituh263dec.c | 3 +++
> >  1 file changed, 3 insertions(+)
> >
>
> How does this fix the invalid shift? Someone could manually add a bunch of zero

There's a

    v >>= 16 - get_bits_left(&s->gb);

[...]
On 2/25/17, Michael Niedermayer <michael@niedermayer.cc> wrote:
> On Sat, Feb 25, 2017 at 10:03:58PM +0100, Paul B Mahol wrote:
>> On 2/25/17, Michael Niedermayer <michael@niedermayer.cc> wrote:
>> > Fixes invalid shift
>> >
>> > Fixes: 670/clusterfuzz-testcase-4852021066727424
>> >
>> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
>> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
>> > ---
>> >  libavcodec/ituh263dec.c | 3 +++
>> >  1 file changed, 3 insertions(+)
>> >
>>
>> How does this fix the invalid shift? Someone could manually add a bunch of zero
>
> There's a
>
>     v >>= 16 - get_bits_left(&s->gb);

OK then.
On Sun, Feb 26, 2017 at 10:06:18AM +0100, Paul B Mahol wrote:
> On 2/25/17, Michael Niedermayer <michael@niedermayer.cc> wrote:
> > On Sat, Feb 25, 2017 at 10:03:58PM +0100, Paul B Mahol wrote:
> >> On 2/25/17, Michael Niedermayer <michael@niedermayer.cc> wrote:
> >> > Fixes invalid shift
> >> >
> >> > Fixes: 670/clusterfuzz-testcase-4852021066727424
> >> >
> >> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
> >> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> >> > ---
> >> >  libavcodec/ituh263dec.c | 3 +++
> >> >  1 file changed, 3 insertions(+)
> >> >
> >>
> >> How does this fix the invalid shift? Someone could manually add a bunch of zero
> >
> > There's a
> >
> >     v >>= 16 - get_bits_left(&s->gb);
>
> OK then.

applied

thx

[...]
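To make the point of the thread concrete, here is an added illustration. It is example code written for this page, not FFmpeg's code: a toy model of the bitreader state with hypothetical `ex_`-prefixed names, a constructed 3-byte sample, and `EX_INVALIDDATA` standing in for `AVERROR_INVALIDDATA`. It shows that once `get_bits_left()` goes negative after an over-read, the unguarded shift count `16 - get_bits_left()` exceeds 16 and can reach 32 or more, which is undefined behaviour for a 32-bit `int`, while the early return added by the patch keeps every shift that is actually applied in the range 1..16.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not FFmpeg code. EX_INVALIDDATA stands in for
 * AVERROR_INVALIDDATA; all ex_ names are hypothetical. */
#define EX_INVALIDDATA (-1)

typedef struct {
    const uint8_t *buf;
    int size_bits;  /* number of valid bits in buf */
    int index;      /* read position in bits; may pass size_bits after an over-read */
} ExBitReader;

/* Bits still unread; negative once the decoder has read past the end. */
static int ex_get_bits_left(const ExBitReader *br)
{
    return br->size_bits - br->index;
}

/* Peek n bits (n <= 24) without advancing. Positions past the buffer read
 * as 0, mirroring the zero padding a real bitreader relies on. */
static unsigned ex_show_bits(const ExBitReader *br, int n)
{
    unsigned v = 0;
    for (int i = 0; i < n; i++) {
        int pos = br->index + i;
        int bit = 0;
        if (pos >= 0 && pos < br->size_bits)
            bit = (br->buf[pos >> 3] >> (7 - (pos & 7))) & 1;
        v = (v << 1) | bit;
    }
    return v;
}

/* The shift count "16 - get_bits_left()" of the slice-end check. A count
 * >= 32 is undefined behaviour for a 32-bit int; the guard below keeps the
 * applied count in 1..16. */
static int ex_shift_count(const ExBitReader *br)
{
    return 16 - ex_get_bits_left(br);
}

/* Per-MB slice-end check with the patch's guard in front of it.
 * Returns 1 at slice end, 0 otherwise, EX_INVALIDDATA on over-read. */
static int ex_slice_end_check(const ExBitReader *br)
{
    if (ex_get_bits_left(br) < 0)
        return EX_INVALIDDATA;          /* the check added by the patch */

    int v = ex_show_bits(br, 16);
    if (ex_get_bits_left(br) < 16)
        v >>= ex_shift_count(br);       /* drop the bits that lie past the buffer */
    return v == 0;
}

/* Constructed 3-byte sample (24 bits): one 0xFF byte, then sixteen zero bits. */
static const uint8_t ex_sample[3] = { 0xFF, 0x00, 0x00 };

/* Run the guarded check at a given bit position in the sample. */
static int ex_check_at(int index)
{
    ExBitReader br = { ex_sample, 24, index };
    return ex_slice_end_check(&br);
}

/* Shift count the unguarded code would have used at that position. */
static int ex_shift_count_at(int index)
{
    ExBitReader br = { ex_sample, 24, index };
    return ex_shift_count(&br);
}

int main(void)
{
    int positions[] = { 0, 8, 20, 32, 56 };
    for (size_t i = 0; i < sizeof positions / sizeof positions[0]; i++) {
        int idx = positions[i];
        printf("index %2d: bits_left %3d  unguarded shift %2d  check -> %d\n",
               idx, 24 - idx, ex_shift_count_at(idx), ex_check_at(idx));
    }
    return 0;
}
```

Positions 0, 8 and 20 stay inside the sample and produce shift counts of at most 12; positions 32 and 56 model a decoder that has already read 8 and 32 bits past the end, where the unguarded count would be 24 and 48 and the guarded check returns `EX_INVALIDDATA` instead of shifting.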
diff --git a/libavcodec/ituh263dec.c b/libavcodec/ituh263dec.c index 09b6a2f17d..e39338870f 100644 --- a/libavcodec/ituh263dec.c +++ b/libavcodec/ituh263dec.c @@ -962,6 +962,9 @@ intra: } end: + if (get_bits_left(&s->gb) < 0) + return AVERROR_INVALIDDATA; + /* per-MB end of slice check */ { int v= show_bits(&s->gb, 16);
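Review bot: The new `if (get_bits_left(&s->gb) < 0)` check carries no comment saying what it guards, and the review thread shows this is needed: the reviewer had to ask how an early return fixes a shift before it was pointed out that the slice-end check below performs `v >>= 16 - get_bits_left(&s->gb)`, whose count exceeds 16 once the reader has over-read. Suggest a one-line comment above the check, e.g. `/* over-read: the shift count in the slice-end check below would exceed 16 */`, so the relation is visible in the source without the mailing-list context.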
Fixes invalid shift

Fixes: 670/clusterfuzz-testcase-4852021066727424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/ituh263dec.c | 3 +++
 1 file changed, 3 insertions(+)