Message ID | 20191114163408.16682-1-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | bfa8272f405314582e8f099ec1a9249232553c9c |
LGTM On 11/14/19, Michael Niedermayer <michael@niedermayer.cc> wrote: > Fixes: out of array read > Fixes: > 18715/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5659333417500672 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/agm.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/agm.c b/libavcodec/agm.c > index 241e9eeb1b..628f324913 100644 > --- a/libavcodec/agm.c > +++ b/libavcodec/agm.c > @@ -827,7 +827,7 @@ static int decode_intra(AVCodecContext *avctx, > GetBitContext *gb, AVFrame *frame > static int decode_motion_vectors(AVCodecContext *avctx, GetBitContext *gb) > { > AGMContext *s = avctx->priv_data; > - int nb_mvs = ((avctx->height + 15) >> 4) * ((avctx->width + 15) >> 4); > + int nb_mvs = ((avctx->coded_height + 15) >> 4) * ((avctx->coded_width + > 15) >> 4); > int ret, skip = 0, value, map; > > av_fast_padded_malloc(&s->mvectors, &s->mvectors_size, > -- > 2.23.0
On Thu, Nov 14, 2019 at 06:07:30PM +0100, Paul B Mahol wrote:
> LGTM
will apply
thx
[...]
diff --git a/libavcodec/agm.c b/libavcodec/agm.c index 241e9eeb1b..628f324913 100644 --- a/libavcodec/agm.c +++ b/libavcodec/agm.c @@ -827,7 +827,7 @@ static int decode_intra(AVCodecContext *avctx, GetBitContext *gb, AVFrame *frame static int decode_motion_vectors(AVCodecContext *avctx, GetBitContext *gb) { AGMContext *s = avctx->priv_data; - int nb_mvs = ((avctx->height + 15) >> 4) * ((avctx->width + 15) >> 4); + int nb_mvs = ((avctx->coded_height + 15) >> 4) * ((avctx->coded_width + 15) >> 4); int ret, skip = 0, value, map; av_fast_padded_malloc(&s->mvectors, &s->mvectors_size,
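Review bot: The commit message says only "out of array read" and does not name which reader of s->mvectors walks more entries than ((avctx->height + 15) >> 4) * ((avctx->width + 15) >> 4), so the reason coded_width/coded_height is the right bound at the nb_mvs line in decode_motion_vectors() cannot be recovered from the patch. Add a sentence to the message naming that reader, or a short comment above nb_mvs stating that the vector count covers the coded frame in 16x16 blocks. It is also worth confirming that every other place that derives a block count or index for s->mvectors uses the same coded dimensions, because the buffer sized by the av_fast_padded_malloc() call that follows is only safe if producer and consumers agree on the count. The product is still computed in a plain int, so it relies on dimension limits being enforced before this function is reached; nothing in this hunk shows that check.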
Fixes: out of array read Fixes: 18715/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5659333417500672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/agm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)