diff mbox

[FFmpeg-devel,3/5] avcodec/pnm: skip reading trailing bytes in get_pnm()

Message ID 20190801214443.7695-3-michael@niedermayer.cc
State Accepted
Commit 68f30567df5659190bb0515e027be8f1a8116bc5
Headers show

Commit Message

Michael Niedermayer Aug. 1, 2019, 9:44 p.m. UTC 
None of the keys we support is that long and other keys
lead to decoder failure. None of the values is expected
to be longer, they are all numbers or short keywords.

This simplifies the code

Fixes: Timeout (9sec->43ms)
Fixes: 15177/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PAM_fuzzer-5080556716425216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/pnm.c | 2 --
 1 file changed, 2 deletions(-)

Comments

Michael Niedermayer Aug. 23, 2019, 1:44 p.m. UTC | #1 
On Thu, Aug 01, 2019 at 11:44:41PM +0200, Michael Niedermayer wrote:
> None of the keys we support is that long and other keys
> lead to decoder failure. None of the values is expected
> to be longer, they are all numbers or short keywords.
> 
> This simplifies the code
> 
> Fixes: Timeout (9sec->43ms)
> Fixes: 15177/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PAM_fuzzer-5080556716425216
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/pnm.c | 2 --
>  1 file changed, 2 deletions(-)

will apply

[...]
diff mbox

Patch

diff --git a/libavcodec/pnm.c b/libavcodec/pnm.c
index a613f13477..28143617c4 100644
--- a/libavcodec/pnm.c
+++ b/libavcodec/pnm.c
@@ -58,8 +58,6 @@  static void pnm_get(PNMContext *sc, char *str, int buf_size)
         c = *bs++;
     }
     *s = '\0';
-    while (bs < end && !pnm_space(c))
-        c = *bs++;
     sc->bytestream = bs;
 }