| Message ID | 20190719225451.31783-1-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | 5941b7f615b0c0cab0d8f8613b918de75d3c1222 |
| Headers | show |
On 7/20/19, Michael Niedermayer <michael@niedermayer.cc> wrote: > Fixes: signed integer overflow: 65313 * 65313 cannot be represented in type > 'int' > Fixes: > 15740/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer-5641749164195840 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/dvbsubdec.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/libavcodec/dvbsubdec.c b/libavcodec/dvbsubdec.c > index bc4a17bde0..6e7e13b6eb 100644 > --- a/libavcodec/dvbsubdec.c > +++ b/libavcodec/dvbsubdec.c > @@ -1578,8 +1578,9 @@ static int > dvbsub_parse_display_definition_segment(AVCodecContext *avctx, > display_def->width = bytestream_get_be16(&buf) + 1; > display_def->height = bytestream_get_be16(&buf) + 1; > if (!avctx->width || !avctx->height) { > - avctx->width = display_def->width; > - avctx->height = display_def->height; > + int ret = ff_set_dimensions(avctx, display_def->width, > display_def->height); > + if (ret < 0) > + return ret; > } > > if (info_byte & 1<<3) { // display_window_flag > -- > 2.22.0 > LGTM > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
On Sat, Jul 20, 2019 at 11:02:35AM +0200, Paul B Mahol wrote: > On 7/20/19, Michael Niedermayer <michael@niedermayer.cc> wrote: > > Fixes: signed integer overflow: 65313 * 65313 cannot be represented in type > > 'int' > > Fixes: > > 15740/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer-5641749164195840 > > > > Found-by: continuous fuzzing process > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/dvbsubdec.c | 5 +++-- > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > diff --git a/libavcodec/dvbsubdec.c b/libavcodec/dvbsubdec.c > > index bc4a17bde0..6e7e13b6eb 100644 > > --- a/libavcodec/dvbsubdec.c > > +++ b/libavcodec/dvbsubdec.c > > @@ -1578,8 +1578,9 @@ static int > > dvbsub_parse_display_definition_segment(AVCodecContext *avctx, > > display_def->width = bytestream_get_be16(&buf) + 1; > > display_def->height = bytestream_get_be16(&buf) + 1; > > if (!avctx->width || !avctx->height) { > > - avctx->width = display_def->width; > > - avctx->height = display_def->height; > > + int ret = ff_set_dimensions(avctx, display_def->width, > > display_def->height); > > + if (ret < 0) > > + return ret; > > } > > > > if (info_byte & 1<<3) { // display_window_flag > > -- > > 2.22.0 > > > > LGTM will apply thanks [...]
diff --git a/libavcodec/dvbsubdec.c b/libavcodec/dvbsubdec.c index bc4a17bde0..6e7e13b6eb 100644 --- a/libavcodec/dvbsubdec.c +++ b/libavcodec/dvbsubdec.c @@ -1578,8 +1578,9 @@ static int dvbsub_parse_display_definition_segment(AVCodecContext *avctx, display_def->width = bytestream_get_be16(&buf) + 1; display_def->height = bytestream_get_be16(&buf) + 1; if (!avctx->width || !avctx->height) { - avctx->width = display_def->width; - avctx->height = display_def->height; + int ret = ff_set_dimensions(avctx, display_def->width, display_def->height); + if (ret < 0) + return ret; } if (info_byte & 1<<3) { // display_window_flag
Fixes: signed integer overflow: 65313 * 65313 cannot be represented in type 'int' Fixes: 15740/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer-5641749164195840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/dvbsubdec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)