[FFmpeg-devel,2/2] avcodec/hcadec: Check scale_factors

Message ID	20200328211246.30591-2-michael@niedermayer.cc
State	Accepted
Headers	show Return-Path: <ffmpeg-devel-bounces@ffmpeg.org> From: Michael Niedermayer <michael@niedermayer.cc> To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> Date: Sat, 28 Mar 2020 22:12:46 +0100 Message-Id: <20200328211246.30591-2-michael@niedermayer.cc> In-Reply-To: <20200328211246.30591-1-michael@niedermayer.cc> References: <20200328211246.30591-1-michael@niedermayer.cc> Subject: [FFmpeg-devel] [PATCH 2/2] avcodec/hcadec: Check scale_factors Precedence: list Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Series	[FFmpeg-devel,1/2] avcodec/hapdec: Check tex_size more strictly and before using it \| expand [FFmpeg-devel,1/2] avcodec/hapdec: Check tex_size more strictly and before using it [FFmpeg-devel,2/2] avcodec/hcadec: Check scale_factors

Message ID

20200328211246.30591-2-michael@niedermayer.cc

State

Accepted

Headers

From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sat, 28 Mar 2020 22:12:46 +0100
Message-Id: <20200328211246.30591-2-michael@niedermayer.cc>
In-Reply-To: <20200328211246.30591-1-michael@niedermayer.cc>
References: <20200328211246.30591-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 2/2] avcodec/hcadec: Check scale_factors
Precedence: list
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

Series

[FFmpeg-devel,1/2] avcodec/hapdec: Check tex_size more strictly and before using it | expand

Context	Check	Description
andriy/ffmpeg-patchwork	success	Make fate finished

Context

Check

Description

andriy/ffmpeg-patchwork

success

Make fate finished

Commit Message

Michael Niedermayer March 28, 2020, 9:12 p.m. UTC

Fixes: out of array read
Fixes: 21286/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HCA_fuzzer-5683183715876864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/hcadec.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Paul B Mahol March 28, 2020, 9:33 p.m. UTC | #1

LGTM

On 3/28/20, Michael Niedermayer <michael@niedermayer.cc> wrote:
> Fixes: out of array read
> Fixes:
> 21286/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HCA_fuzzer-5683183715876864
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/hcadec.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/libavcodec/hcadec.c b/libavcodec/hcadec.c
> index 4e3f589579..f25d6c39b6 100644
> --- a/libavcodec/hcadec.c
> +++ b/libavcodec/hcadec.c
> @@ -345,6 +345,7 @@ static void unpack(HCAContext *c, ChannelContext *ch,
>              } else {
>                  factor += delta - half_max;
>              }
> +            factor = av_clip_uintp2(factor, 6);
>
>              ch->scale_factors[i] = factor;
>          }
> --
> 2.17.1
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Michael Niedermayer March 31, 2020, 6:29 p.m. UTC | #2

On Sat, Mar 28, 2020 at 10:33:10PM +0100, Paul B Mahol wrote:
> LGTM

will apply

thx

[...]

diff --git a/libavcodec/hcadec.c b/libavcodec/hcadec.c
index 4e3f589579..f25d6c39b6 100644
--- a/libavcodec/hcadec.c
+++ b/libavcodec/hcadec.c
@@ -345,6 +345,7 @@  static void unpack(HCAContext *c, ChannelContext *ch,
             } else {
                 factor += delta - half_max;
             }
+            factor = av_clip_uintp2(factor, 6);
 
             ch->scale_factors[i] = factor;
         }

[FFmpeg-devel,2/2] avcodec/hcadec: Check scale_factors

Checks

Commit Message

Comments

Patch