diff mbox

[FFmpeg-devel] avcodec/qpeg: Optimize long runs in qpeg_decode_intra() not spanning a full row

Message ID 20190107014450.5431-1-michael@niedermayer.cc
State Accepted
Commit 038d291b70bffa550cde552f8325e1b9f71f0646
Headers show

Commit Message

Michael Niedermayer Jan. 7, 2019, 1:44 a.m. UTC 
Fixes: Timeout
Fixes: 11354/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656

Before: Executed clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656 in 9470 ms
After : Executed clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656 in  134 ms

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/qpeg.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Comments

Paul B Mahol Jan. 7, 2019, 6:41 p.m. UTC | #1 
On 1/7/19, Michael Niedermayer <michael@niedermayer.cc> wrote:
> Fixes: Timeout
> Fixes:
> 11354/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
>
> Before: Executed
> clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
> in 9470 ms
> After : Executed
> clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
> in  134 ms
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/qpeg.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/libavcodec/qpeg.c b/libavcodec/qpeg.c
> index cb452621e7..654fd998d6 100644
> --- a/libavcodec/qpeg.c
> +++ b/libavcodec/qpeg.c
> @@ -80,7 +80,10 @@ static void qpeg_decode_intra(QpegContext *qctx, uint8_t
> *dst,
>
>              p = bytestream2_get_byte(&qctx->buffer);
>              for(i = 0; i < run; i++) {
> -                dst[filled++] = p;
> +                int step = FFMIN(run - i, width - filled);
> +                memset(dst+filled, p, step);
> +                filled += step;
> +                i      += step - 1;
>                  if (filled >= width) {
>                      filled = 0;
>                      dst -= stride;
> --
> 2.20.1
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>

lgtm if output does not change.
Michael Niedermayer Jan. 7, 2019, 7:48 p.m. UTC | #2 
On Mon, Jan 07, 2019 at 07:41:04PM +0100, Paul B Mahol wrote:
> On 1/7/19, Michael Niedermayer <michael@niedermayer.cc> wrote:
> > Fixes: Timeout
> > Fixes:
> > 11354/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
> >
> > Before: Executed
> > clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
> > in 9470 ms
> > After : Executed
> > clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
> > in  134 ms
> >
> > Found-by: continuous fuzzing process
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/qpeg.c | 5 ++++-
> >  1 file changed, 4 insertions(+), 1 deletion(-)
> >
> > diff --git a/libavcodec/qpeg.c b/libavcodec/qpeg.c
> > index cb452621e7..654fd998d6 100644
> > --- a/libavcodec/qpeg.c
> > +++ b/libavcodec/qpeg.c
> > @@ -80,7 +80,10 @@ static void qpeg_decode_intra(QpegContext *qctx, uint8_t
> > *dst,
> >
> >              p = bytestream2_get_byte(&qctx->buffer);
> >              for(i = 0; i < run; i++) {
> > -                dst[filled++] = p;
> > +                int step = FFMIN(run - i, width - filled);
> > +                memset(dst+filled, p, step);
> > +                filled += step;
> > +                i      += step - 1;
> >                  if (filled >= width) {
> >                      filled = 0;
> >                      dst -= stride;
> > --
> > 2.20.1
> >
> > _______________________________________________
> > ffmpeg-devel mailing list
> > ffmpeg-devel@ffmpeg.org
> > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >
> 
> lgtm if output does not change.

fate-qpeg passes and it executes this codepath
do you have any other files i should test ?

thx


[...]
Paul B Mahol Jan. 7, 2019, 7:51 p.m. UTC | #3 
On 1/7/19, https://ieeexplore.ieee.org/document/7291728Michael
Niedermayer <michael@niedermayer.cc> wrote:
> On Mon, Jan 07, 2019 at 07:41:04PM +0100, Paul B Mahol wrote:
>> On 1/7/19, Michael Niedermayer <michael@niedermayer.cc> wrote:
>> > Fixes: Timeout
>> > Fixes:
>> > 11354/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
>> >
>> > Before: Executed
>> > clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
>> > in 9470 ms
>> > After : Executed
>> > clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
>> > in  134 ms
>> >
>> > Found-by: continuous fuzzing process
>> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
>> > ---
>> >  libavcodec/qpeg.c | 5 ++++-
>> >  1 file changed, 4 insertions(+), 1 deletion(-)
>> >
>> > diff --git a/libavcodec/qpeg.c b/libavcodec/qpeg.c
>> > index cb452621e7..654fd998d6 100644
>> > --- a/libavcodec/qpeg.c
>> > +++ b/libavcodec/qpeg.c
>> > @@ -80,7 +80,10 @@ static void qpeg_decode_intra(QpegContext *qctx,
>> > uint8_t
>> > *dst,
>> >
>> >              p = bytestream2_get_byte(&qctx->buffer);
>> >              for(i = 0; i < run; i++) {
>> > -                dst[filled++] = p;
>> > +                int step = FFMIN(run - i, width - filled);
>> > +                memset(dst+filled, p, step);
>> > +                filled += step;
>> > +                i      += step - 1;
>> >                  if (filled >= width) {
>> >                      filled = 0;
>> >                      dst -= stride;
>> > --
>> > 2.20.1
>> >
>> > _______________________________________________
>> > ffmpeg-devel mailing list
>> > ffmpeg-devel@ffmpeg.org
>> > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>> >
>>
>> lgtm if output does not change.
>
> fate-qpeg passes and it executes this codepath
> do you have any other files i should test ?
>

look in samples.ffmpeg.org ?

> thx
>
>
> [...]
> --
> Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> Good people do not need laws to tell them to act responsibly, while bad
> people will find a way around the laws. -- Plato
>
Michael Niedermayer Jan. 7, 2019, 8:21 p.m. UTC | #4 
On Mon, Jan 07, 2019 at 08:51:33PM +0100, Paul B Mahol wrote:
> On 1/7/19, https://ieeexplore.ieee.org/document/7291728Michael
> Niedermayer <michael@niedermayer.cc> wrote:
> > On Mon, Jan 07, 2019 at 07:41:04PM +0100, Paul B Mahol wrote:
> >> On 1/7/19, Michael Niedermayer <michael@niedermayer.cc> wrote:
> >> > Fixes: Timeout
> >> > Fixes:
> >> > 11354/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
> >> >
> >> > Before: Executed
> >> > clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
> >> > in 9470 ms
> >> > After : Executed
> >> > clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
> >> > in  134 ms
> >> >
> >> > Found-by: continuous fuzzing process
> >> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> >> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> >> > ---
> >> >  libavcodec/qpeg.c | 5 ++++-
> >> >  1 file changed, 4 insertions(+), 1 deletion(-)
> >> >
> >> > diff --git a/libavcodec/qpeg.c b/libavcodec/qpeg.c
> >> > index cb452621e7..654fd998d6 100644
> >> > --- a/libavcodec/qpeg.c
> >> > +++ b/libavcodec/qpeg.c
> >> > @@ -80,7 +80,10 @@ static void qpeg_decode_intra(QpegContext *qctx,
> >> > uint8_t
> >> > *dst,
> >> >
> >> >              p = bytestream2_get_byte(&qctx->buffer);
> >> >              for(i = 0; i < run; i++) {
> >> > -                dst[filled++] = p;
> >> > +                int step = FFMIN(run - i, width - filled);
> >> > +                memset(dst+filled, p, step);
> >> > +                filled += step;
> >> > +                i      += step - 1;
> >> >                  if (filled >= width) {
> >> >                      filled = 0;
> >> >                      dst -= stride;
> >> > --
> >> > 2.20.1
> >> >
> >> > _______________________________________________
> >> > ffmpeg-devel mailing list
> >> > ffmpeg-devel@ffmpeg.org
> >> > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >> >
> >>
> >> lgtm if output does not change.
> >
> > fate-qpeg passes and it executes this codepath
> > do you have any other files i should test ?
> >
> 
> look in samples.ffmpeg.org ?

ive found and tested
qpeg-test.avi
Space.avi
Clock.avi

anything else i should test ?

thanks

[...]
Paul B Mahol Jan. 7, 2019, 8:24 p.m. UTC | #5 
On 1/7/19, Michael Niedermayer <michael@niedermayer.cc> wrote:
> On Mon, Jan 07, 2019 at 08:51:33PM +0100, Paul B Mahol wrote:
>> On 1/7/19, https://ieeexplore.ieee.org/document/7291728Michael
>> Niedermayer <michael@niedermayer.cc> wrote:
>> > On Mon, Jan 07, 2019 at 07:41:04PM +0100, Paul B Mahol wrote:
>> >> On 1/7/19, Michael Niedermayer <michael@niedermayer.cc> wrote:
>> >> > Fixes: Timeout
>> >> > Fixes:
>> >> > 11354/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
>> >> >
>> >> > Before: Executed
>> >> > clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
>> >> > in 9470 ms
>> >> > After : Executed
>> >> > clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
>> >> > in  134 ms
>> >> >
>> >> > Found-by: continuous fuzzing process
>> >> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>> >> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
>> >> > ---
>> >> >  libavcodec/qpeg.c | 5 ++++-
>> >> >  1 file changed, 4 insertions(+), 1 deletion(-)
>> >> >
>> >> > diff --git a/libavcodec/qpeg.c b/libavcodec/qpeg.c
>> >> > index cb452621e7..654fd998d6 100644
>> >> > --- a/libavcodec/qpeg.c
>> >> > +++ b/libavcodec/qpeg.c
>> >> > @@ -80,7 +80,10 @@ static void qpeg_decode_intra(QpegContext *qctx,
>> >> > uint8_t
>> >> > *dst,
>> >> >
>> >> >              p = bytestream2_get_byte(&qctx->buffer);
>> >> >              for(i = 0; i < run; i++) {
>> >> > -                dst[filled++] = p;
>> >> > +                int step = FFMIN(run - i, width - filled);
>> >> > +                memset(dst+filled, p, step);
>> >> > +                filled += step;
>> >> > +                i      += step - 1;
>> >> >                  if (filled >= width) {
>> >> >                      filled = 0;
>> >> >                      dst -= stride;
>> >> > --
>> >> > 2.20.1
>> >> >
>> >> > _______________________________________________
>> >> > ffmpeg-devel mailing list
>> >> > ffmpeg-devel@ffmpeg.org
>> >> > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>> >> >
>> >>
>> >> lgtm if output does not change.
>> >
>> > fate-qpeg passes and it executes this codepath
>> > do you have any other files i should test ?
>> >
>>
>> look in samples.ffmpeg.org ?
>
> ive found and tested
> qpeg-test.avi
> Space.avi
> Clock.avi
>
> anything else i should test ?

Every single possible encoder output.
On serious side its fine.

>
> thanks
>
> [...]
>
> --
> Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> The educated differ from the uneducated as much as the living from the
> dead. -- Aristotle
>
diff mbox

Patch

diff --git a/libavcodec/qpeg.c b/libavcodec/qpeg.c
index cb452621e7..654fd998d6 100644
--- a/libavcodec/qpeg.c
+++ b/libavcodec/qpeg.c
@@ -80,7 +80,10 @@  static void qpeg_decode_intra(QpegContext *qctx, uint8_t *dst,
 
             p = bytestream2_get_byte(&qctx->buffer);
             for(i = 0; i < run; i++) {
-                dst[filled++] = p;
+                int step = FFMIN(run - i, width - filled);
+                memset(dst+filled, p, step);
+                filled += step;
+                i      += step - 1;
                 if (filled >= width) {
                     filled = 0;
                     dst -= stride;