| Message ID | 20190830232503.17889-1-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | a370582ba9c4e0db4e8518d4df199003d36bea16 |
On 8/30/2019 8:25 PM, Michael Niedermayer wrote: > Fixes: memory corruption > Fixes: 16702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PNG_fuzzer-5768418552184832 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > tools/target_dec_fuzzer.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c > index e22a0c5c34..901dbca385 100644 > --- a/tools/target_dec_fuzzer.c > +++ b/tools/target_dec_fuzzer.c > @@ -194,6 +194,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { > // Read very simple container > AVPacket avpkt, parsepkt; > av_init_packet(&avpkt); > + av_init_packet(&parsepkt); > while (data < end && it < maxiteration) { > // Search for the TAG > while (data + sizeof(fuzz_tag) < end) { > LGTM.
On Fri, Aug 30, 2019 at 08:51:53PM -0300, James Almer wrote: > On 8/30/2019 8:25 PM, Michael Niedermayer wrote: > > Fixes: memory corruption > > Fixes: 16702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PNG_fuzzer-5768418552184832 > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > tools/target_dec_fuzzer.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c > > index e22a0c5c34..901dbca385 100644 > > --- a/tools/target_dec_fuzzer.c > > +++ b/tools/target_dec_fuzzer.c > > @@ -194,6 +194,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { > > // Read very simple container > > AVPacket avpkt, parsepkt; > > av_init_packet(&avpkt); > > + av_init_packet(&parsepkt); > > while (data < end && it < maxiteration) { > > // Search for the TAG > > while (data + sizeof(fuzz_tag) < end) { > > > > LGTM. will apply thx [...]
diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c index e22a0c5c34..901dbca385 100644 --- a/tools/target_dec_fuzzer.c +++ b/tools/target_dec_fuzzer.c @@ -194,6 +194,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { // Read very simple container AVPacket avpkt, parsepkt; av_init_packet(&avpkt); + av_init_packet(&parsepkt); while (data < end && it < maxiteration) { // Search for the TAG while (data + sizeof(fuzz_tag) < end) {
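Review bot: the hunk is correct but the reason is worth a comment: both AVPacket structs are stack-allocated, and only avpkt was passed to av_init_packet(), so parsepkt's pointer fields (buf, side_data) held indeterminate values until the parser loop filled them; any unref or free on parsepkt before that point read garbage, which matches the "memory corruption" in the commit message. Suggest a short comment above the two calls, e.g. `/* both packets live on the stack; initialise before the loop so unref is always safe */`, so the symmetry is not lost when another packet is added. Note also that av_init_packet() does not touch data/size, so the loop must still set those explicitly.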
Fixes: memory corruption
Fixes: 16702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PNG_fuzzer-5768418552184832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 tools/target_dec_fuzzer.c | 1 +
 1 file changed, 1 insertion(+)