Message ID | 20190623230104.13666-1-michael@niedermayer.cc |
---|---|
State | New |
On Mon, Jun 24, 2019 at 01:01:02 +0200, Michael Niedermayer wrote:
> +            if (sb + (j + k) / 64 > 29) {
[...]
>                 if (coding_method[ch][sb + (j + k) / 64][(j + k) % 64] > coding_method[ch][sb][j]) {

You could do the "sb + (j + k) / 64" calculation only once and reuse the result. OTOH, this code is full of magic numbers (notably 30, which your 29 derives from) which could nicely make use of macros, but don't, so it probably doesn't matter.

Moritz
On Mon, Jun 24, 2019 at 02:09:57PM +0200, Moritz Barsnick wrote:
> On Mon, Jun 24, 2019 at 01:01:02 +0200, Michael Niedermayer wrote:
> > +            if (sb + (j + k) / 64 > 29) {
> [...]
> >                 if (coding_method[ch][sb + (j + k) / 64][(j + k) % 64] > coding_method[ch][sb][j]) {
>
> You could do the "sb + (j + k) / 64" calculation only once and reuse
> the result. OTOH, this code is full of magic numbers (notably 30, which
> your 29 derives from) which could nicely make use of macros, but don't,
> so it probably doesn't matter.

I'll factor the value into a separate variable and will apply.

Thanks

[...]
diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c index 1397218bdd..52c7cc73a0 100644 --- a/libavcodec/qdm2.c +++ b/libavcodec/qdm2.c @@ -408,6 +408,10 @@ static int fix_coding_method_array(int sb, int channels, } for (k = 0; k < run; k++) { if (j + k < 128) { + if (sb + (j + k) / 64 > 29) { + SAMPLES_NEEDED + continue; + } if (coding_method[ch][sb + (j + k) / 64][(j + k) % 64] > coding_method[ch][sb][j]) { if (k > 0) { SAMPLES_NEEDED
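Review bot: in the fix_coding_method_array() hunk, the `continue` after SAMPLES_NEEDED re-enters the guard, and re-emits SAMPLES_NEEDED, for every remaining k once the bound is crossed; since (j + k) / 64 can only grow with k, the first k for which `sb + (j + k) / 64 > 29` holds implies all later k are out of range too, so `break` is equivalent for the guarded body and reports the condition once. The literal 29 is the row count 30 from the sanitizer message minus one, and the same `sb + (j + k) / 64` expression is recomputed in the check and again in the index on the following line; as agreed in the thread, storing it once, e.g. `int sbi = sb + (j + k) / 64;` followed by `if (sbi >= 30)` and `coding_method[ch][sbi][(j + k) % 64]`, keeps the check and the index from drifting apart, and expressing the 30 in terms of the array's declared dimension rather than a bare literal would make the bound follow the type if it ever changes.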
Instead we ask for a sample; it's unclear what to do in this case.

Fixes: index 30 out of bounds for type 'int8_t [30][64]'
Fixes: 15339/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5749441484554240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/qdm2.c | 4 ++++
 1 file changed, 4 insertions(+)
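The bound the patch adds, as an added example that is neither FFmpeg's qdm2.c nor the author's code: a self-contained C model of the run loop in fix_coding_method_array() that computes the row index once, takes the limit from the table's row count instead of writing 29, and leaves the loop at the first out-of-range position rather than re-checking each remaining k. SB_COUNT, ROW_LEN, RUN_MAX, row_of(), propagate_run() and the demo table are assumptions made for this illustration; the comparison inside the loop is a simplified stand-in, not the decoder's logic.

```c
/* Added example, not FFmpeg's code: a model of the guarded run loop.
 * SB_COUNT, ROW_LEN, RUN_MAX and the function names are assumptions
 * chosen for this illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SB_COUNT 30   /* rows: the 30 in "int8_t [30][64]" from the sanitizer report */
#define ROW_LEN  64   /* entries per row */
#define RUN_MAX  128  /* the original loop only touches positions with j + k < 128 */

typedef int8_t sb_table[SB_COUNT][ROW_LEN];

/* Row that position 'pos' (= j + k) of sub-band 'sb' lands in, or -1 when
 * it would be row SB_COUNT or beyond, i.e. the index 30 the fuzzer reached. */
static int row_of(int sb, int pos)
{
    int row = sb + pos / ROW_LEN;   /* computed once; the caller reuses it */
    return row < SB_COUNT ? row : -1;
}

/* Raises every entry of the run that is below cm[sb][j] to that value
 * (simplified stand-in for the decoder's comparison). Returns how many
 * positions of the run were skipped because they fell outside the table.
 * pos / ROW_LEN only grows with pos, so the first out-of-range position
 * means every later one is too: the loop returns instead of re-checking
 * (and re-reporting) each remaining position. */
static int propagate_run(sb_table cm, int sb, int j, int run)
{
    if (sb < 0 || sb >= SB_COUNT || j < 0 || j >= ROW_LEN || run <= 0)
        return run > 0 ? run : 0;          /* nothing addressable: whole run skipped */

    int limit = j + run < RUN_MAX ? j + run : RUN_MAX;   /* exclusive end */
    int8_t ref = cm[sb][j];

    for (int pos = j; pos < limit; pos++) {
        int row = row_of(sb, pos);
        if (row < 0)
            return limit - pos;            /* remaining positions all out of range */
        int col = pos % ROW_LEN;
        if (cm[row][col] < ref)
            cm[row][col] = ref;
    }
    return 0;
}

/* Constructed sample: zeroed table, reference value 7 at row 29, column 60,
 * run of 8 from there. Columns 60..63 stay in row 29; positions 64..67
 * would be row 30 and are skipped. */
static int demo_edge_skipped(void)
{
    sb_table cm;
    memset(cm, 0, sizeof cm);
    cm[29][60] = 7;
    return propagate_run(cm, 29, 60, 8);   /* returns 4 */
}

/* Same sample; the last in-bounds column (29, 63) received the value. */
static int demo_edge_last_value(void)
{
    sb_table cm;
    memset(cm, 0, sizeof cm);
    cm[29][60] = 7;
    propagate_run(cm, 29, 60, 8);
    return cm[29][63];                     /* returns 7 */
}

int main(void)
{
    printf("skipped %d positions, cm[29][63] = %d\n",
           demo_edge_skipped(), demo_edge_last_value());
    return 0;
}
```

With `sb = 29` and a run starting at column 60, the original expression `sb + (j + k) / 64` reaches 30 at `k = 4`, exactly the row the sanitizer reported; row_of() turns that into a -1 the caller handles once, and the guard and the index can no longer disagree because they share the same computed row.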