Message ID | 20190107014450.5431-1-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 038d291b70bffa550cde552f8325e1b9f71f0646 |
On 1/7/19, Michael Niedermayer <michael@niedermayer.cc> wrote:
> Fixes: Timeout
> Fixes:
> 11354/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
>
> Before: Executed
> clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
> in 9470 ms
> After : Executed
> clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
> in 134 ms
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavcodec/qpeg.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/libavcodec/qpeg.c b/libavcodec/qpeg.c
> index cb452621e7..654fd998d6 100644
> --- a/libavcodec/qpeg.c
> +++ b/libavcodec/qpeg.c
> @@ -80,7 +80,10 @@ static void qpeg_decode_intra(QpegContext *qctx, uint8_t
> *dst,
>
> p = bytestream2_get_byte(&qctx->buffer);
> for(i = 0; i < run; i++) {
> - dst[filled++] = p;
> + int step = FFMIN(run - i, width - filled);
> + memset(dst+filled, p, step);
> + filled += step;
> + i += step - 1;
> if (filled >= width) {
> filled = 0;
> dst -= stride;
> --
> 2.20.1
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>

lgtm if output does not change.
On Mon, Jan 07, 2019 at 07:41:04PM +0100, Paul B Mahol wrote:
> On 1/7/19, Michael Niedermayer <michael@niedermayer.cc> wrote:
> > Fixes: Timeout
> > Fixes:
> > 11354/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
> >
> > Before: Executed
> > clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
> > in 9470 ms
> > After : Executed
> > clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
> > in 134 ms
> >
> > Found-by: continuous fuzzing process
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> > libavcodec/qpeg.c | 5 ++++-
> > 1 file changed, 4 insertions(+), 1 deletion(-)
> >
> > diff --git a/libavcodec/qpeg.c b/libavcodec/qpeg.c
> > index cb452621e7..654fd998d6 100644
> > --- a/libavcodec/qpeg.c
> > +++ b/libavcodec/qpeg.c
> > @@ -80,7 +80,10 @@ static void qpeg_decode_intra(QpegContext *qctx, uint8_t
> > *dst,
> >
> > p = bytestream2_get_byte(&qctx->buffer);
> > for(i = 0; i < run; i++) {
> > - dst[filled++] = p;
> > + int step = FFMIN(run - i, width - filled);
> > + memset(dst+filled, p, step);
> > + filled += step;
> > + i += step - 1;
> > if (filled >= width) {
> > filled = 0;
> > dst -= stride;
> > --
> > 2.20.1
> >
> > _______________________________________________
> > ffmpeg-devel mailing list
> > ffmpeg-devel@ffmpeg.org
> > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >
>
> lgtm if output does not change.

fate-qpeg passes and it executes this codepath
do you have any other files i should test ?

thx

[...]
On 1/7/19, Michael Niedermayer <michael@niedermayer.cc> wrote:
> On Mon, Jan 07, 2019 at 07:41:04PM +0100, Paul B Mahol wrote:
>> On 1/7/19, Michael Niedermayer <michael@niedermayer.cc> wrote:
>> > Fixes: Timeout
>> > Fixes:
>> > 11354/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
>> >
>> > Before: Executed
>> > clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
>> > in 9470 ms
>> > After : Executed
>> > clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
>> > in 134 ms
>> >
>> > Found-by: continuous fuzzing process
>> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
>> > ---
>> > libavcodec/qpeg.c | 5 ++++-
>> > 1 file changed, 4 insertions(+), 1 deletion(-)
>> >
>> > diff --git a/libavcodec/qpeg.c b/libavcodec/qpeg.c
>> > index cb452621e7..654fd998d6 100644
>> > --- a/libavcodec/qpeg.c
>> > +++ b/libavcodec/qpeg.c
>> > @@ -80,7 +80,10 @@ static void qpeg_decode_intra(QpegContext *qctx,
>> > uint8_t
>> > *dst,
>> >
>> > p = bytestream2_get_byte(&qctx->buffer);
>> > for(i = 0; i < run; i++) {
>> > - dst[filled++] = p;
>> > + int step = FFMIN(run - i, width - filled);
>> > + memset(dst+filled, p, step);
>> > + filled += step;
>> > + i += step - 1;
>> > if (filled >= width) {
>> > filled = 0;
>> > dst -= stride;
>> > --
>> > 2.20.1
>> >
>> > _______________________________________________
>> > ffmpeg-devel mailing list
>> > ffmpeg-devel@ffmpeg.org
>> > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>> >
>>
>> lgtm if output does not change.
>
> fate-qpeg passes and it executes this codepath
> do you have any other files i should test ?
>

look in samples.ffmpeg.org ?

> thx
>
>
> [...]
> --
> Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> Good people do not need laws to tell them to act responsibly, while bad
> people will find a way around the laws. -- Plato
>
On Mon, Jan 07, 2019 at 08:51:33PM +0100, Paul B Mahol wrote:
> On 1/7/19, Michael Niedermayer <michael@niedermayer.cc> wrote:
> > On Mon, Jan 07, 2019 at 07:41:04PM +0100, Paul B Mahol wrote:
> >> On 1/7/19, Michael Niedermayer <michael@niedermayer.cc> wrote:
> >> > Fixes: Timeout
> >> > Fixes:
> >> > 11354/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
> >> >
> >> > Before: Executed
> >> > clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
> >> > in 9470 ms
> >> > After : Executed
> >> > clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
> >> > in 134 ms
> >> >
> >> > Found-by: continuous fuzzing process
> >> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> >> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> >> > ---
> >> > libavcodec/qpeg.c | 5 ++++-
> >> > 1 file changed, 4 insertions(+), 1 deletion(-)
> >> >
> >> > diff --git a/libavcodec/qpeg.c b/libavcodec/qpeg.c
> >> > index cb452621e7..654fd998d6 100644
> >> > --- a/libavcodec/qpeg.c
> >> > +++ b/libavcodec/qpeg.c
> >> > @@ -80,7 +80,10 @@ static void qpeg_decode_intra(QpegContext *qctx,
> >> > uint8_t
> >> > *dst,
> >> >
> >> > p = bytestream2_get_byte(&qctx->buffer);
> >> > for(i = 0; i < run; i++) {
> >> > - dst[filled++] = p;
> >> > + int step = FFMIN(run - i, width - filled);
> >> > + memset(dst+filled, p, step);
> >> > + filled += step;
> >> > + i += step - 1;
> >> > if (filled >= width) {
> >> > filled = 0;
> >> > dst -= stride;
> >> > --
> >> > 2.20.1
> >> >
> >> > _______________________________________________
> >> > ffmpeg-devel mailing list
> >> > ffmpeg-devel@ffmpeg.org
> >> > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >> >
> >>
> >> lgtm if output does not change.
> >
> > fate-qpeg passes and it executes this codepath
> > do you have any other files i should test ?
> >
>
> look in samples.ffmpeg.org ?

I've found and tested
qpeg-test.avi
Space.avi
Clock.avi

anything else i should test ?

thanks

[...]
On 1/7/19, Michael Niedermayer <michael@niedermayer.cc> wrote:
> On Mon, Jan 07, 2019 at 08:51:33PM +0100, Paul B Mahol wrote:
>> On 1/7/19, Michael Niedermayer <michael@niedermayer.cc> wrote:
>> > On Mon, Jan 07, 2019 at 07:41:04PM +0100, Paul B Mahol wrote:
>> >> On 1/7/19, Michael Niedermayer <michael@niedermayer.cc> wrote:
>> >> > Fixes: Timeout
>> >> > Fixes:
>> >> > 11354/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
>> >> >
>> >> > Before: Executed
>> >> > clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
>> >> > in 9470 ms
>> >> > After : Executed
>> >> > clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656
>> >> > in 134 ms
>> >> >
>> >> > Found-by: continuous fuzzing process
>> >> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>> >> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
>> >> > ---
>> >> > libavcodec/qpeg.c | 5 ++++-
>> >> > 1 file changed, 4 insertions(+), 1 deletion(-)
>> >> >
>> >> > diff --git a/libavcodec/qpeg.c b/libavcodec/qpeg.c
>> >> > index cb452621e7..654fd998d6 100644
>> >> > --- a/libavcodec/qpeg.c
>> >> > +++ b/libavcodec/qpeg.c
>> >> > @@ -80,7 +80,10 @@ static void qpeg_decode_intra(QpegContext *qctx,
>> >> > uint8_t
>> >> > *dst,
>> >> >
>> >> > p = bytestream2_get_byte(&qctx->buffer);
>> >> > for(i = 0; i < run; i++) {
>> >> > - dst[filled++] = p;
>> >> > + int step = FFMIN(run - i, width - filled);
>> >> > + memset(dst+filled, p, step);
>> >> > + filled += step;
>> >> > + i += step - 1;
>> >> > if (filled >= width) {
>> >> > filled = 0;
>> >> > dst -= stride;
>> >> > --
>> >> > 2.20.1
>> >> >
>> >> > _______________________________________________
>> >> > ffmpeg-devel mailing list
>> >> > ffmpeg-devel@ffmpeg.org
>> >> > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>> >> >
>> >>
>> >> lgtm if output does not change.
>> >
>> > fate-qpeg passes and it executes this codepath
>> > do you have any other files i should test ?
>> >
>>
>> look in samples.ffmpeg.org ?
>
> I've found and tested
> qpeg-test.avi
> Space.avi
> Clock.avi
>
> anything else i should test ?

Every single possible encoder output.

On serious side it's fine.

>
> thanks
>
> [...]
>
> --
> Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> The educated differ from the uneducated as much as the living from the
> dead. -- Aristotle
>
diff --git a/libavcodec/qpeg.c b/libavcodec/qpeg.c index cb452621e7..654fd998d6 100644 --- a/libavcodec/qpeg.c +++ b/libavcodec/qpeg.c @@ -80,7 +80,10 @@ static void qpeg_decode_intra(QpegContext *qctx, uint8_t *dst, p = bytestream2_get_byte(&qctx->buffer); for(i = 0; i < run; i++) { - dst[filled++] = p; + int step = FFMIN(run - i, width - filled); + memset(dst+filled, p, step); + filled += step; + i += step - 1; if (filled >= width) { filled = 0; dst -= stride;
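Review bot: the new `i += step - 1` relies on `step >= 1`, i.e. on `filled < width` holding at the top of every iteration; that is true only because the `if (filled >= width)` block right below resets `filled` to 0 after each full row, and nothing in the hunk says so. A one-line comment on `int step = FFMIN(run - i, width - filled);` (or an `av_assert2(step > 0)`) would make the termination argument visible to the next reader, since a `step` of 0 would leave `i` unchanged for that iteration. Behaviour is otherwise preserved: the memset writes exactly the bytes the removed `dst[filled++] = p;` wrote and the row reset fires at the same points, so `filled >= width` can now only be reached as equality. Style nit: `dst+filled` should be `dst + filled` to match `run - i` and `width - filled` on the line above.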
Fixes: Timeout
Fixes: 11354/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656

Before: Executed clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656 in 9470 ms
After : Executed clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5766275943366656 in 134 ms

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/qpeg.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)