
[FFmpeg-devel,2/3] avcodec/sga: Check for array end in lzss_decompress()

Message ID 20210317231728.2130-2-michael@niedermayer.cc
State New
Series [FFmpeg-devel,1/3] avformat/mpc8: check for size overflow in mpc8_get_chunk_header()

Checks

Context                  Check     Description
andriy/x86_make          success   Make finished
andriy/x86_make_fate     success   Make fate finished
andriy/PPC64_make        success   Make finished
andriy/PPC64_make_fate   success   Make fate finished

Commit Message

Michael Niedermayer March 17, 2021, 11:17 p.m. UTC
Fixes: out of array access
Fixes: 31640/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGA_fuzzer-5630883286614016
Fixes: 31619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGA_fuzzer-5176667708456960

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/sga.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Michael Niedermayer March 25, 2021, 5:09 p.m. UTC | #1
On Thu, Mar 18, 2021 at 12:17:27AM +0100, Michael Niedermayer wrote:
> Fixes: out of array access
> Fixes: 31640/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGA_fuzzer-5630883286614016
> Fixes: 31619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGA_fuzzer-5176667708456960
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/sga.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

will apply

[...]
Paul B Mahol March 25, 2021, 5:34 p.m. UTC | #2
please remove excessive whitespaces

On Thu, Mar 25, 2021 at 6:09 PM Michael Niedermayer <michael@niedermayer.cc>
wrote:

> On Thu, Mar 18, 2021 at 12:17:27AM +0100, Michael Niedermayer wrote:
> > Fixes: out of array access
> > Fixes:
> 31640/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGA_fuzzer-5630883286614016
> > Fixes:
> 31619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGA_fuzzer-5176667708456960
> >
> > Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/sga.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
>
> will apply
>
> [...]
> --
> Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> Its not that you shouldnt use gotos but rather that you should write
> readable code and code with gotos often but not always is less readable
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Patch

diff --git a/libavcodec/sga.c b/libavcodec/sga.c
index 00752a5843..881f3fa6b2 100644
--- a/libavcodec/sga.c
+++ b/libavcodec/sga.c
@@ -232,7 +232,7 @@  static int lzss_decompress(AVCodecContext *avctx,
 
                 if (offset <= 0)
                     offset = 1;
-                if (oi < offset)
+                if (oi < offset || oi + count * 2 > dst_size )
                     return AVERROR_INVALIDDATA;
                 for (int j = 0; j < count * 2; j++) {
                     dst[oi] = dst[oi - offset];
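Review bot: the new bound `oi + count * 2 > dst_size` matches the copy loop that follows, which writes `dst[oi]` for `count * 2` iterations (last index `oi + count * 2 - 1`), so rejecting only when the end exceeds `dst_size` and allowing equality is the correct edge; two things to tidy: the stray space before the closing parenthesis in `if (oi < offset || oi + count * 2 > dst_size )` should be dropped (this is the whitespace noted in the thread), and the check depends on `oi + count * 2` not wrapping, which the hunk cannot show since the declarations of `oi` and `count` are outside it; a form that cannot overflow, such as `count * 2 > dst_size - oi` (valid once `oi <= dst_size` is known), or a one-line comment stating the bound on `count`, would make that explicit.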