Message ID | 20191019203950.11689-5-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 327a968817a366c24d1513526258a3dbbcf888a7 |
On Sat, Oct 19, 2019 at 10:39:50PM +0200, Michael Niedermayer wrote:
> As is the decoder will never stop, it will cause an infinite loop. The RFC seems only
> to speak of non empty packets so endlessly generating noise from the last empty flush
> packets seems wrong.
>
> Fixes: infinite loop
> Fixes: 18333/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COMFORTNOISE_fuzzer-5668481831272448
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavcodec/cngdec.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

will apply

[...]
diff --git a/libavcodec/cngdec.c b/libavcodec/cngdec.c index 43b96fea1b..747ab49cd0 100644 --- a/libavcodec/cngdec.c +++ b/libavcodec/cngdec.c @@ -173,7 +173,7 @@ AVCodec ff_comfortnoise_decoder = { .close = cng_decode_close, .sample_fmts = (const enum AVSampleFormat[]){ AV_SAMPLE_FMT_S16, AV_SAMPLE_FMT_NONE }, - .capabilities = AV_CODEC_CAP_DELAY | AV_CODEC_CAP_DR1, + .capabilities = AV_CODEC_CAP_DR1, .caps_internal = FF_CODEC_CAP_INIT_THREADSAFE | FF_CODEC_CAP_INIT_CLEANUP, };
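Review bot: Removing AV_CODEC_CAP_DELAY at the .capabilities line means the decoder is no longer handed empty flush packets at end of stream, so whatever the decode callback does with a zero-size packet (not shown in this hunk) should be checked. If that path existed only for flushing, it is now dead and can be removed; if it also serves empty packets in mid-stream, that case should be confirmed to still work. A one-line comment at the initializer saying the flag is left out on purpose, because noise generation has no natural end, would keep it from being added back later, and the commit message could name the RFC it refers to.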
As is the decoder will never stop, it will cause an infinite loop. The RFC seems only
to speak of non empty packets so endlessly generating noise from the last empty flush
packets seems wrong.

Fixes: infinite loop
Fixes: 18333/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COMFORTNOISE_fuzzer-5668481831272448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/cngdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)