diff mbox

[FFmpeg-devel,4/8] avcodec/loco: Check left column value

Message ID 20190812191708.22608-4-michael@niedermayer.cc
State Accepted
Commit c812db814ebd603106220854e343558ec1115e57
Headers show

Commit Message

Michael Niedermayer Aug. 12, 2019, 7:17 p.m. UTC 
Fixes: Timeout (42sec -> 379 ms)
Fixes: 16323/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5679178099195904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/loco.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Paul B Mahol Aug. 14, 2019, 4 p.m. UTC | #1 
LGTM

On Mon, Aug 12, 2019 at 9:20 PM Michael Niedermayer <michael@niedermayer.cc>
wrote:

> Fixes: Timeout (42sec -> 379 ms)
> Fixes:
> 16323/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5679178099195904
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by
> <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>:
> Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/loco.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/libavcodec/loco.c b/libavcodec/loco.c
> index 5fb414b411..d8bf68a100 100644
> --- a/libavcodec/loco.c
> +++ b/libavcodec/loco.c
> @@ -161,6 +161,8 @@ static int loco_decode_plane(LOCOContext *l, uint8_t
> *data, int width, int heigh
>      for (j = 1; j < height; j++) {
>          /* restore left column */
>          val = loco_get_rice(&rc);
> +        if (val == INT_MIN)
> +           return AVERROR_INVALIDDATA;
>          data[0] = data[-stride] + val;
>          /* restore all other pixels */
>          for (i = 1; i < width; i++) {
> --
> 2.22.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
Michael Niedermayer Aug. 14, 2019, 5:34 p.m. UTC | #2 
On Wed, Aug 14, 2019 at 06:00:01PM +0200, Paul B Mahol wrote:
> LGTM

will apply

thx

[...]
diff mbox

Patch

diff --git a/libavcodec/loco.c b/libavcodec/loco.c
index 5fb414b411..d8bf68a100 100644
--- a/libavcodec/loco.c
+++ b/libavcodec/loco.c
@@ -161,6 +161,8 @@  static int loco_decode_plane(LOCOContext *l, uint8_t *data, int width, int heigh
     for (j = 1; j < height; j++) {
         /* restore left column */
         val = loco_get_rice(&rc);
+        if (val == INT_MIN)
+           return AVERROR_INVALIDDATA;
         data[0] = data[-stride] + val;
         /* restore all other pixels */
         for (i = 1; i < width; i++) {