Message ID | 20190930231254.23993-5-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | a76690c02b4fd12d7fac6f753af8bad72c82d55c |
How are you sure this is still correctly decoding samples? On 10/1/19, Michael Niedermayer <michael@niedermayer.cc> wrote: > Fixes: shift exponent -4 is negative > Fixes: > 17793/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5766088435957760 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/dstdec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/dstdec.c b/libavcodec/dstdec.c > index 8a1bc6a738..b2dea4a177 100644 > --- a/libavcodec/dstdec.c > +++ b/libavcodec/dstdec.c > @@ -120,7 +120,7 @@ static int read_map(GetBitContext *gb, Table *t, > unsigned int map[DST_MAX_CHANNE > > static av_always_inline int get_sr_golomb_dst(GetBitContext *gb, unsigned > int k) > { > - int v = get_ur_golomb(gb, k, get_bits_left(gb), 0); > + int v = get_ur_golomb_jpegls(gb, k, get_bits_left(gb), 0); > if (v && get_bits1(gb)) > v = -v; > return v; > -- > 2.23.0
On Tue, Oct 08, 2019 at 05:44:55PM +0200, Paul B Mahol wrote:
> How are you sure this is still correctly decoding samples?

get_ur_golomb() implements an optimized ur golomb reader for short limits with escape codes. get_ur_golomb_jpegls() supports longer codes but is slower; it differs in how it handles escape codes. DST uses no limit and no escape coding; it thus cannot use get_ur_golomb().

The apparent schoolbook form of ur codes used in DST should produce the same value with both functions where they support it.

Do you still think there is a problem? If so, please explain; I do not see one, but I am human, I can certainly miss issues.

Thanks

> > On 10/1/19, Michael Niedermayer <michael@niedermayer.cc> wrote: > > Fixes: shift exponent -4 is negative > > Fixes: > > 17793/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5766088435957760 > > > > Found-by: continuous fuzzing process > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/dstdec.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libavcodec/dstdec.c b/libavcodec/dstdec.c > > index 8a1bc6a738..b2dea4a177 100644 > > --- a/libavcodec/dstdec.c > > +++ b/libavcodec/dstdec.c
> > @@ -120,7 +120,7 @@ static int read_map(GetBitContext *gb, Table *t, > > unsigned int map[DST_MAX_CHANNE > > > > static av_always_inline int get_sr_golomb_dst(GetBitContext *gb, unsigned > > int k) > > { > > - int v = get_ur_golomb(gb, k, get_bits_left(gb), 0); > > + int v = get_ur_golomb_jpegls(gb, k, get_bits_left(gb), 0); > > if (v && get_bits1(gb)) > > v = -v; > > return v; > > -- > > 2.23.0
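A schoolbook reader of the kind the reply above describes (no limit, no escape code), as an added example that is not FFmpeg code and not code from this thread. It assumes a prefix of zero bits ended by a 1 bit, then k remainder bits, with the sign bit read only after a non-zero magnitude as in the `if (v && get_bits1(gb))` lines of the patch; `BitReader`, `read_ur_rice` and `read_sr_rice` are hypothetical names, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical MSB-first bit reader; not FFmpeg's GetBitContext. */
typedef struct { const uint8_t *buf; size_t nbits, pos; } BitReader;

static size_t bits_left(const BitReader *br) { return br->nbits - br->pos; }

static unsigned read_bit(BitReader *br)   /* caller checks bits_left() first */
{
    unsigned b = (br->buf[br->pos >> 3] >> (7 - (br->pos & 7))) & 1u;
    br->pos++;
    return b;
}

/* Unsigned Rice code with no limit and no escape: q zero bits, a 1 bit,
 * then k remainder bits. Returns 0 on success, -1 on bad k, truncation or overflow. */
static int read_ur_rice(BitReader *br, unsigned k, uint32_t *out)
{
    uint32_t q = 0, r = 0;
    if (k > 16) return -1;                        /* keeps every shift count in range */
    for (;;) {
        if (!bits_left(br)) return -1;            /* prefix ran off the end of input */
        if (read_bit(br)) break;
        if (++q > (uint32_t)(INT32_MAX >> k)) return -1;   /* value would not fit in int */
    }
    if (bits_left(br) < k) return -1;             /* remainder bits are missing */
    for (unsigned i = 0; i < k; i++) r = (r << 1) | read_bit(br);
    *out = (q << k) | r;
    return 0;
}

/* Signed form: a sign bit follows only a non-zero magnitude. */
static int read_sr_rice(BitReader *br, unsigned k, int32_t *out)
{
    uint32_t v;
    if (read_ur_rice(br, k, &v) < 0) return -1;
    if (v && !bits_left(br)) return -1;           /* sign bit is missing */
    *out = (v && read_bit(br)) ? -(int32_t)v : (int32_t)v;
    return 0;
}

int main(void)
{
    static const uint8_t sample[] = { 0x5C, 0xE0 };  /* constructed: -5, 0, +3, then a bare prefix */
    BitReader br = { sample, 16, 0 };
    int32_t v;
    while (read_sr_rice(&br, 2, &v) == 0) printf("%d\n", (int)v);
    return 0;
}
```

Feeding the same constructed bit strings to an optimized reader and to a reference like this one, and comparing the results, is one way to answer a "does it still decode the same" question for inputs both readers support.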
diff --git a/libavcodec/dstdec.c b/libavcodec/dstdec.c index 8a1bc6a738..b2dea4a177 100644 --- a/libavcodec/dstdec.c +++ b/libavcodec/dstdec.c @@ -120,7 +120,7 @@ static int read_map(GetBitContext *gb, Table *t, unsigned int map[DST_MAX_CHANNE static av_always_inline int get_sr_golomb_dst(GetBitContext *gb, unsigned int k) { - int v = get_ur_golomb(gb, k, get_bits_left(gb), 0); + int v = get_ur_golomb_jpegls(gb, k, get_bits_left(gb), 0); if (v && get_bits1(gb)) v = -v; return v;
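Review bot: the replacement call on the `+` line in get_sr_golomb_dst() carries no explanation of why get_ur_golomb() is unsuitable here, and the commit message names only the sanitizer finding ("shift exponent -4 is negative"). The rationale given in the thread (DST uses no limit and no escape coding, while get_ur_golomb() is a reader for short limits with escape codes) belongs in the commit message or in a one-line comment above the call, so that a later optimization pass does not switch it back. Both the old and new call pass get_bits_left(gb) as the limit and 0 as the last argument, so it would also help to state that decoded output was compared on a known-good DST sample before and after the change, which is the question raised in review.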
Fixes: shift exponent -4 is negative Fixes: 17793/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5766088435957760 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/dstdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)