diff mbox series

[FFmpeg-devel,2/4] avcodec/mv30: Check available space in decode_intra() more completely

Message ID 20210211211715.6234-2-michael@niedermayer.cc
State New
Series [FFmpeg-devel,1/4] avcodec/pnm_parser: Check av_image_get_buffer_size() for failure

Checks

Context Check Description
andriy/x86_make success Make finished
andriy/x86_make_fate success Make fate finished
andriy/PPC64_make success Make finished
andriy/PPC64_make_fate success Make fate finished

Commit Message

Michael Niedermayer Feb. 11, 2021, 9:17 p.m. UTC
Fixes: Timeout (>10sec -> instantaneous)
Fixes: 30147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5549246684200960

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/mv30.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Paul B Mahol Feb. 11, 2021, 9:29 p.m. UTC | #1
this is hack
Michael Niedermayer April 28, 2021, 2:33 p.m. UTC | #2
On Thu, Feb 11, 2021 at 10:29:15PM +0100, Paul B Mahol wrote:
> this is hack

what else do you suggest?

thx

[...]
Paul B Mahol April 29, 2021, 4:25 p.m. UTC | #3
I suggest to write better non-hacky solutions.

On Wed, Apr 28, 2021 at 4:33 PM Michael Niedermayer <michael@niedermayer.cc>
wrote:

> On Thu, Feb 11, 2021 at 10:29:15PM +0100, Paul B Mahol wrote:
> > this is hack
>
> what else do you suggest?
>
> thx
>
> [...]
Michael Niedermayer April 30, 2021, 8:27 a.m. UTC | #4
On Thu, Apr 29, 2021 at 06:25:06PM +0200, Paul B Mahol wrote:
> I suggest to write better non-hacky solutions.

can you be more specific ?

thx

> 
> On Wed, Apr 28, 2021 at 4:33 PM Michael Niedermayer <michael@niedermayer.cc>
> wrote:
> 
> > On Thu, Feb 11, 2021 at 10:29:15PM +0100, Paul B Mahol wrote:
> > > this is hack
> >
> > what else do you suggest?
> >
> > thx
> >
> > [...]

Patch

diff --git a/libavcodec/mv30.c b/libavcodec/mv30.c
index 7ae264e0f0..c92048a179 100644
--- a/libavcodec/mv30.c
+++ b/libavcodec/mv30.c
@@ -411,6 +411,8 @@  static int decode_intra(AVCodecContext *avctx, GetBitContext *gb, AVFrame *frame
     mgb = *gb;
     if (get_bits_left(gb) < s->mode_size * 8)
         return AVERROR_INVALIDDATA;
+    if (get_bits_left(&mgb) < (avctx->height + 15)/16 * ((avctx->width + 15)/16) * 12)
+        return AVERROR_INVALIDDATA;
 
     skip_bits_long(gb, s->mode_size * 8);
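
Review bot: The constant 12 in the added `get_bits_left(&mgb)` test is unexplained, and since `mgb = *gb` was assigned just above, this test measures the same remaining bits as the preceding `s->mode_size * 8` check, only against a different threshold. Please add a comment (or a named constant) stating what 12 bits per 16x16 block stands for in the bitstream. If the bound is meant to cover the data read through `mgb`, say so and relate it to `s->mode_size`, so the two checks do not read as unrelated limits. It would also help to note in the commit message why this lower bound is always valid for a well-formed intra frame, given that the only stated effect is the timeout fix.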