Message ID | 20180608221130.12644-2-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | c2852e4e00de4073ff7de82d41cb3368702686e8 |
On 6/9/18, Michael Niedermayer <michael@niedermayer.cc> wrote: > Fixes: OOM > Fixes: > 8178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XWD_fuzzer-4844793342459904 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/xwddec.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/libavcodec/xwddec.c b/libavcodec/xwddec.c > index 592c98dd4e..8c4358fd4c 100644 > --- a/libavcodec/xwddec.c > +++ b/libavcodec/xwddec.c > @@ -39,6 +39,7 @@ static int xwd_decode_frame(AVCodecContext *avctx, void > *data, > uint32_t pixformat, pixdepth, bunit, bitorder, bpad; > uint32_t rgb[3]; > uint8_t *ptr; > + int width, height; > GetByteContext gb; > > if (buf_size < XWD_HEADER_SIZE) > @@ -60,8 +61,8 @@ static int xwd_decode_frame(AVCodecContext *avctx, void > *data, > > pixformat = bytestream2_get_be32u(&gb); > pixdepth = bytestream2_get_be32u(&gb); > - avctx->width = bytestream2_get_be32u(&gb); > - avctx->height = bytestream2_get_be32u(&gb); > + width = bytestream2_get_be32u(&gb); > + height = bytestream2_get_be32u(&gb); > xoffset = bytestream2_get_be32u(&gb); > be = bytestream2_get_be32u(&gb); > bunit = bytestream2_get_be32u(&gb); > @@ -77,6 +78,9 @@ static int xwd_decode_frame(AVCodecContext *avctx, void > *data, > ncolors = bytestream2_get_be32u(&gb); > bytestream2_skipu(&gb, header_size - (XWD_HEADER_SIZE - 20)); > > + if ((ret = ff_set_dimensions(avctx, width, height)) < 0) > + return ret; > + > av_log(avctx, AV_LOG_DEBUG, > "pixformat %"PRIu32", pixdepth %"PRIu32", bunit %"PRIu32", > bitorder %"PRIu32", bpad %"PRIu32"\n", > pixformat, pixdepth, bunit, bitorder, bpad); > -- > 2.17.1 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel > lgtm
On Sat, Jun 09, 2018 at 08:35:32AM +0200, Paul B Mahol wrote: > On 6/9/18, Michael Niedermayer <michael@niedermayer.cc> wrote: > > Fixes: OOM > > Fixes: > > 8178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XWD_fuzzer-4844793342459904 > > > > Found-by: continuous fuzzing process > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/xwddec.c | 8 ++++++-- > > 1 file changed, 6 insertions(+), 2 deletions(-) > > > > diff --git a/libavcodec/xwddec.c b/libavcodec/xwddec.c > > index 592c98dd4e..8c4358fd4c 100644 > > --- a/libavcodec/xwddec.c > > +++ b/libavcodec/xwddec.c > > @@ -39,6 +39,7 @@ static int xwd_decode_frame(AVCodecContext *avctx, void > > *data, > > uint32_t pixformat, pixdepth, bunit, bitorder, bpad; > > uint32_t rgb[3]; > > uint8_t *ptr; > > + int width, height; > > GetByteContext gb; > > > > if (buf_size < XWD_HEADER_SIZE) > > @@ -60,8 +61,8 @@ static int xwd_decode_frame(AVCodecContext *avctx, void > > *data, > > > > pixformat = bytestream2_get_be32u(&gb); > > pixdepth = bytestream2_get_be32u(&gb); > > - avctx->width = bytestream2_get_be32u(&gb); > > - avctx->height = bytestream2_get_be32u(&gb); > > + width = bytestream2_get_be32u(&gb); > > + height = bytestream2_get_be32u(&gb); > > xoffset = bytestream2_get_be32u(&gb); > > be = bytestream2_get_be32u(&gb); > > bunit = bytestream2_get_be32u(&gb); 
> > @@ -77,6 +78,9 @@ static int xwd_decode_frame(AVCodecContext *avctx, void > > *data, > > ncolors = bytestream2_get_be32u(&gb); > > bytestream2_skipu(&gb, header_size - (XWD_HEADER_SIZE - 20)); > > > > + if ((ret = ff_set_dimensions(avctx, width, height)) < 0) > > + return ret; > > + > > av_log(avctx, AV_LOG_DEBUG, > > "pixformat %"PRIu32", pixdepth %"PRIu32", bunit %"PRIu32", > > bitorder %"PRIu32", bpad %"PRIu32"\n", > > pixformat, pixdepth, bunit, bitorder, bpad); > > -- > > 2.17.1 > > > > _______________________________________________ > > ffmpeg-devel mailing list > > ffmpeg-devel@ffmpeg.org > > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > > > lgtm will apply thx [...]
diff --git a/libavcodec/xwddec.c b/libavcodec/xwddec.c
index 592c98dd4e..8c4358fd4c 100644
--- a/libavcodec/xwddec.c
+++ b/libavcodec/xwddec.c
@@ -39,6 +39,7 @@ static int xwd_decode_frame(AVCodecContext *avctx, void *data,
 uint32_t pixformat, pixdepth, bunit, bitorder, bpad;
 uint32_t rgb[3];
 uint8_t *ptr;
+ int width, height;
 GetByteContext gb;
 
 if (buf_size < XWD_HEADER_SIZE)
@@ -60,8 +61,8 @@ static int xwd_decode_frame(AVCodecContext *avctx, void *data,
 
 pixformat = bytestream2_get_be32u(&gb);
 pixdepth = bytestream2_get_be32u(&gb);
- avctx->width = bytestream2_get_be32u(&gb);
- avctx->height = bytestream2_get_be32u(&gb);
+ width = bytestream2_get_be32u(&gb);
+ height = bytestream2_get_be32u(&gb);
 xoffset = bytestream2_get_be32u(&gb);
 be = bytestream2_get_be32u(&gb);
 bunit = bytestream2_get_be32u(&gb);
@@ -77,6 +78,9 @@ static int xwd_decode_frame(AVCodecContext *avctx, void *data,
 ncolors = bytestream2_get_be32u(&gb);
 bytestream2_skipu(&gb, header_size - (XWD_HEADER_SIZE - 20));
 
+ if ((ret = ff_set_dimensions(avctx, width, height)) < 0)
+ return ret;
+
 av_log(avctx, AV_LOG_DEBUG,
 "pixformat %"PRIu32", pixdepth %"PRIu32", bunit %"PRIu32", bitorder %"PRIu32", bpad %"PRIu32"\n",
 pixformat, pixdepth, bunit, bitorder, bpad);
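Review bot: In the second hunk the two `bytestream2_get_be32u()` results are stored in the `int width, height` declared by the first hunk, so a header field of 0x80000000 or above turns into a negative int through an implementation-defined conversion. The `ff_set_dimensions()` call added in the third hunk presumably rejects non-positive sizes, but its implementation is not visible on this page, so the decoder's safety here rests on that callee. A comment above the two reads, such as `/* unsigned 32-bit header fields; values that do not fit a positive int must be rejected by ff_set_dimensions() below */`, would record the reliance. The body of xwd_decode_frame starts and ends outside these hunks.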
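Review bot: The new `if ((ret = ff_set_dimensions(avctx, width, height)) < 0)` in the third hunk carries no comment explaining why the header values are no longer written to `avctx` directly. I would add `/* validate file-supplied dimensions before they reach avctx or any frame allocation */` above it. The check also runs before any header validation that follows the `av_log()` call outside this hunk, so if a later check rejects the file, `avctx->width` and `avctx->height` have presumably already been updated. It is worth confirming callers tolerate that, or moving the call after the remaining header checks.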
Fixes: OOM Fixes: 8178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XWD_fuzzer-4844793342459904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/xwddec.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)