[FFmpeg-devel,3/5] avcodec/pnm: skip reading trailing bytes in get_pnm()

Submitted by Michael Niedermayer on Aug. 1, 2019, 9:44 p.m.

Details

Message ID 20190801214443.7695-3-michael@niedermayer.cc
State Accepted
Commit 68f30567df5659190bb0515e027be8f1a8116bc5
Headers show

Commit Message

Michael Niedermayer Aug. 1, 2019, 9:44 p.m.
None of the keys we support is that long and other keys
lead to decoder failure. None of the values is expected
to be longer, they are all numbers or short keywords.

This simplifies the code

Fixes: Timeout (9sec->43ms)
Fixes: 15177/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PAM_fuzzer-5080556716425216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/pnm.c | 2 --
 1 file changed, 2 deletions(-)

Comments

Michael Niedermayer Aug. 23, 2019, 1:44 p.m.
On Thu, Aug 01, 2019 at 11:44:41PM +0200, Michael Niedermayer wrote:
> None of the keys we support is that long and other keys
> lead to decoder failure. None of the values is expected
> to be longer, they are all numbers or short keywords.
> 
> This simplifies the code
> 
> Fixes: Timeout (9sec->43ms)
> Fixes: 15177/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PAM_fuzzer-5080556716425216
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/pnm.c | 2 --
>  1 file changed, 2 deletions(-)

will apply

[...]

Patch hide | download patch | download mbox

diff --git a/libavcodec/pnm.c b/libavcodec/pnm.c
index a613f13477..28143617c4 100644
--- a/libavcodec/pnm.c
+++ b/libavcodec/pnm.c
@@ -58,8 +58,6 @@  static void pnm_get(PNMContext *sc, char *str, int buf_size)
         c = *bs++;
     }
     *s = '\0';
-    while (bs < end && !pnm_space(c))
-        c = *bs++;
     sc->bytestream = bs;
 }