Message ID | 20201218232208.14207-4-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 5cae71d2b722d0beed4d46f189db42fbb57d877b |
Headers | show |
Series | [FFmpeg-devel,1/8] avformat/mpegts: Increase pcr_incr width to 64bit | expand |
Context | Check | Description |
---|---|---|
andriy/x86_make | success | Make finished |
andriy/x86_make_fate | success | Make fate finished |
andriy/PPC64_make | success | Make finished |
andriy/PPC64_make_fate | success | Make fate finished |
Trivially ok On Sat, Dec 19, 2020 at 1:42 AM Michael Niedermayer <michael@niedermayer.cc> wrote: > Fixes: assertion failure > Fixes: > 28447/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-5369575948550144 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by > <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>: > Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/ffv1dec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c > index c704373cfe..0a3f425493 100644 > --- a/libavcodec/ffv1dec.c > +++ b/libavcodec/ffv1dec.c > @@ -786,7 +786,7 @@ static int read_header(FFV1Context *f) > > if (f->version == 2) { > int idx = get_symbol(c, state, 0); > - if (idx > (unsigned)f->quant_table_count) { > + if (idx >= (unsigned)f->quant_table_count) { > av_log(f->avctx, AV_LOG_ERROR, > "quant_table_index out of range\n"); > return AVERROR_INVALIDDATA; > -- > 2.17.1 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
On Mon, Dec 21, 2020 at 08:44:33PM +0100, Paul B Mahol wrote:
> Trivially ok
will apply
thx
[...]
diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c index c704373cfe..0a3f425493 100644 --- a/libavcodec/ffv1dec.c +++ b/libavcodec/ffv1dec.c @@ -786,7 +786,7 @@ static int read_header(FFV1Context *f) if (f->version == 2) { int idx = get_symbol(c, state, 0); - if (idx > (unsigned)f->quant_table_count) { + if (idx >= (unsigned)f->quant_table_count) { av_log(f->avctx, AV_LOG_ERROR, "quant_table_index out of range\n"); return AVERROR_INVALIDDATA;
Fixes: assertion failure Fixes: 28447/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-5369575948550144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/ffv1dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)