Message ID | 20210710212617.28438-1-michael@niedermayer.cc |
---|---|
State | New |
Series | [FFmpeg-devel] avformat/aaxdec: Ask for a sample and disable COLUMN_FLAG_DEFAULT |
Context | Check | Description |
---|---|---|
andriy/x86_make | success | Make finished |
andriy/x86_make_fate | success | Make fate finished |
andriy/PPC64_make | success | Make finished |
andriy/PPC64_make_fate | success | Make fate finished |
On Sat, Jul 10, 2021 at 11:26:17PM +0200, Michael Niedermayer wrote:
> The codepath repeatedly seeks back to the same byte and fills the table with this
> Fixes: Timeout (reading billions of times the same byte)
> Fixes: 35510/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-5742289044504576
>
> I have not found any samples in our archive or the fate samples which use this
> codepath, also I found no specification. If anyone has either please reply
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavformat/aaxdec.c | 4 ++++
> 1 file changed, 4 insertions(+)

will apply

[...]
please do not apply
On Wed, Sep 15, 2021 at 09:02:13AM +0200, Paul B Mahol wrote:
> please do not apply
ok, what else should be done ?
thx
[...]
diff --git a/libavformat/aaxdec.c b/libavformat/aaxdec.c index 643bc5f9a5..1bf4b689c9 100644 --- a/libavformat/aaxdec.c +++ b/libavformat/aaxdec.c @@ -238,6 +238,10 @@ static int aax_read_header(AVFormatContext *s) for (uint64_t r = 0; r < a->nb_segments; r++) { if (flag & COLUMN_FLAG_DEFAULT) { data_offset = a->schema_offset + col_offset; + if (a->nb_segments > 1) { + avpriv_request_sample(s, "Column default"); + return AVERROR_PATCHWELCOME; + } } else if (flag & COLUMN_FLAG_ROW) { data_offset = a->rows_offset + r * a->row_width + col_offset; } else
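Review bot: the added `if (a->nb_segments > 1)` check does not depend on the loop variable `r`, so inside `for (uint64_t r = 0; r < a->nb_segments; r++)` it can only ever fire on the first iteration and is better hoisted in front of the loop, next to the `flag & COLUMN_FLAG_DEFAULT` test; as placed it also comes after `data_offset = a->schema_offset + col_offset;`, which becomes a dead store on the rejecting path, so at least move the check above that assignment. Also worth stating in the hunk or commit message why rejection was chosen over a fix: the description says the loop seeks back to the same byte for every segment, which suggests the default value could be read once and reused for all `r`, keeping multi-segment COLUMN_FLAG_DEFAULT files playable instead of failing them with AVERROR_PATCHWELCOME; if the lack of a sample or specification is the reason for not doing that, a one-line comment next to the `avpriv_request_sample()` call would save the next reader the same question.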
The codepath repeatedly seeks back to the same byte and fills the table with this
Fixes: Timeout (reading billions of times the same byte)
Fixes: 35510/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-5742289044504576

I have not found any samples in our archive or the fate samples which use this
codepath, also I found no specification. If anyone has either please reply

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavformat/aaxdec.c | 4 ++++
1 file changed, 4 insertions(+)