From patchwork Thu Sep 13 23:51:56 2018
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 10320
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Fri, 14 Sep 2018 01:51:56 +0200
Message-Id: <20180913235156.9551-2-michael@niedermayer.cc>
In-Reply-To: <20180913235156.9551-1-michael@niedermayer.cc>
References: <20180913235156.9551-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 2/2] avcodec/diracdec: check that GetBitContext has not ended in codeblock()

Fixes: Timeout (part 2 of 2)
Fixes: 9774/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5748957085958144

Signed-off-by: Michael Niedermayer
--- libavcodec/diracdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index cbd7fd1532..af561d1426 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -548,6 +548,8 @@ static inline int codeblock(DiracContext *s, SubBand *b, } } else { for (y = top; y < bottom; y++) { + if (get_bits_left(gb) < 1) + return AVERROR_INVALIDDATA; for (x = left; x < right; x++) { int val = coeff_unpack_golomb(gb, qfactor, qoffset); if (b->pshift) {
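Review bot: the new `get_bits_left(gb) < 1` test sits at the top of the `y` loop, so it runs once per row and the inner `x` loop can still call coeff_unpack_golomb() for the rest of a row after the reader is exhausted. If bounding the extra work to one row is the intended trade-off for the timeout, a one-line comment above the check saying so would keep someone from "optimizing" it away or moving it later. Two further points: the added `return AVERROR_INVALIDDATA` only helps if the callers of codeblock() check its return value, which is not visible in this hunk, so please confirm that they do; and the check is added only in this `else` branch, so the commit message should say whether the branch before `} else {` is what part 1 of the series covers.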