From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Fri, 2 Aug 2019 19:19:11 +0200
Subject: Re: [FFmpeg-devel] [PATCH 1/5] avcodec/vp8: do vp7_fade_frame() later
Message-ID: <20190802171911.GN3219@michaelspb>
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 14198

On Fri, Aug 02, 2019 at 10:46:04PM +1000, Peter Ross wrote:
> On Thu, Aug 01, 2019 at 11:44:39PM +0200, Michael Niedermayer wrote:
> > Fixes: Timeout (100sec -> 5sec)
> > Fixes: 15073/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP7_fuzzer-5649257362620416
> >
> > Untested as none of the vp7 samples I found executes this codepath
>
> see attached. it's all I can find :(

I am not sure I am making a mistake but these 2 files don't seem to execute it

Tested with:
AB is always 0 0
abort() is not reached
./ffmpeg -i vp7digimona_frame32.avi -f null -

[...]

--- a/libavcodec/vp8.c +++ b/libavcodec/vp8.c @@ -506,7 +506,7 @@ static int vp7_fade_frame(VP8Context *s, VP56RangeCoder *c) int alpha = (int8_t) vp8_rac_get_uint(c, 8); int beta = (int8_t) vp8_rac_get_uint(c, 8); int ret; - +av_log(0,0, "AB %d %d\n", alpha, beta); if (c->end <= c->buffer && c->bits >= 0) return AVERROR_INVALIDDATA; @@ -514,7 +514,7 @@ static int vp7_fade_frame(VP8Context *s, VP56RangeCoder *c) int width = s->mb_width * 16; int height = s->mb_height * 16; AVFrame *src, *dst; - +abort(); if (!s->framep[VP56_FRAME_PREVIOUS] || !s->framep[VP56_FRAME_GOLDEN]) { av_log(s->avctx, AV_LOG_WARNING, "Discarding interframe without a prior keyframe!\n");
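
Review bot: In the first hunk (@@ -506,7), the added av_log(0,0, "AB %d %d\n", alpha, beta) runs before the `c->end <= c->buffer && c->bits >= 0` check, so it also prints alpha and beta for frames that are then rejected with AVERROR_INVALIDDATA. Move it below that check so the output covers only values the decoder goes on to use. It also passes 0 for both the context and the level, whereas the existing call in the second hunk uses av_log(s->avctx, ...); a debug print here should take that context with AV_LOG_DEBUG. The line replaces the blank separator and is unindented, which is acceptable for a throwaway test patch but should not reach the tree.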
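
Review bot: In the second hunk (@@ -514,7), abort() sits ahead of the `!s->framep[VP56_FRAME_PREVIOUS] || !s->framep[VP56_FRAME_GOLDEN]` check, so reaching it would show only that the block was entered, not that a fade was applied to valid reference frames; such a frame could still be dropped with the "Discarding interframe without a prior keyframe!" warning. To confirm coverage of the fade code itself, place the marker after that check, and prefer a log line over abort() so a single run over a sample reports every frame that gets there instead of stopping at the first.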