[FFmpeg-devel] avcodec/wmv2dec: skip frames that have only skipped MBs

Message ID 20180826142915.31727-1-michael@niedermayer.cc
State Accepted
Commit 0c88a5d3eb8cd6891a52eb285b37b1458f0b4b16

Commit Message

Michael Niedermayer Aug. 26, 2018, 2:29 p.m. UTC
This requires us to pre-parse the skip data, as we want to
detect this before allocating all the arrays

Fixes: Timeout
Fixes: 9708/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5729709861109760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/wmv2dec.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

Comments

Michael Niedermayer Sept. 2, 2018, 9:38 p.m. UTC | #1
On Sun, Aug 26, 2018 at 04:29:15PM +0200, Michael Niedermayer wrote:
> This requires us to pre-parse the skip data, as we want to
> detect this before allocating all the arrays
> 
> Fixes: Timeout
> Fixes: 9708/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5729709861109760

will apply

[...]
Patch

diff --git a/libavcodec/wmv2dec.c b/libavcodec/wmv2dec.c
index ea0e0594b5..4f97d9227c 100644
--- a/libavcodec/wmv2dec.c
+++ b/libavcodec/wmv2dec.c
@@ -141,6 +141,21 @@  int ff_wmv2_decode_picture_header(MpegEncContext *s)
     if (s->qscale <= 0)
         return AVERROR_INVALIDDATA;
 
+    if (s->pict_type != AV_PICTURE_TYPE_I && show_bits(&s->gb, 1)) {
+        GetBitContext gb = s->gb;
+        int skip_type = get_bits(&gb, 2);
+        int run = skip_type == SKIP_TYPE_COL ? s->mb_width : s->mb_height;
+
+        while (run > 0) {
+            int block = FFMIN(run, 25);
+            if (get_bits(&gb, block) + 1 != 1<<block)
+                break;
+            run -= block;
+        }
+        if (!run)
+            return FRAME_SKIPPED;
+    }
+
     return 0;
 }
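Review bot: the pre-parse loop in this hunk carries no comment, and the all-ones test `get_bits(&gb, block) + 1 != 1<<block` together with the bare constant 25 (the largest read get_bits() is documented for) are not obvious at a glance; a short comment above the `while`, e.g. `/* a fully skipped row/column is signalled by a set bit; read the bits in chunks of at most 25 and stop at the first clear one */`, and writing the test as `get_bits(&gb, block) != (1 << block) - 1` would make the intent clear. The same comment should state that only the two skip codings the ternary distinguishes (column, else row) are covered by this early exit, since the subject line promises to skip any frame that has only skipped MBs and a reader could otherwise expect the per-MB coding to be handled here too.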