Message ID | 20210917195616.25061-4-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | db18f29b33a060b3ce0fc7ac7d215aeb3506c0ae |
Series | [FFmpeg-devel,1/4] tools/target_dec_fuzzer: Adjust VC1 threshold |
Context | Check | Description |
---|---|---|
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
andriy/make_ppc | success | Make finished |
andriy/make_fate_ppc | success | Make fate finished |
On Fri, Sep 17, 2021 at 09:56:16PM +0200, Michael Niedermayer wrote: > Fixes: out of array access > Fixes: 38603/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSNSIREN_fuzzer-5741847809490944.fuzz > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/siren.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/libavcodec/siren.c b/libavcodec/siren.c > index 2161b29a2cc..7f2b4678608 100644 > --- a/libavcodec/siren.c > +++ b/libavcodec/siren.c > @@ -648,6 +648,10 @@ static int decode_vector(SirenContext *s, int number_of_regions, > } > coefs_ptr++; > } > + if (i >= FF_ARRAY_ELEMS(noise_category5)) { > + error = 1; > + break; > + } > > noise = decoder_standard_deviation[region] * noise_category5[i]; > } else this fixes the recent msnsiren commit. please apply -- Peter (A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
On Sat, Sep 18, 2021 at 07:47:52PM +1000, Peter Ross wrote: > On Fri, Sep 17, 2021 at 09:56:16PM +0200, Michael Niedermayer wrote: > > Fixes: out of array access > > Fixes: 38603/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSNSIREN_fuzzer-5741847809490944.fuzz > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/siren.c | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/libavcodec/siren.c b/libavcodec/siren.c > > index 2161b29a2cc..7f2b4678608 100644 > > --- a/libavcodec/siren.c > > +++ b/libavcodec/siren.c > > @@ -648,6 +648,10 @@ static int decode_vector(SirenContext *s, int number_of_regions, > > } > > coefs_ptr++; > > } > > + if (i >= FF_ARRAY_ELEMS(noise_category5)) { > > + error = 1; > > + break; > > + } > > > > noise = decoder_standard_deviation[region] * noise_category5[i]; > > } else > > this fixes the recent msnsiren commit. > please apply will apply thx [...]
diff --git a/libavcodec/siren.c b/libavcodec/siren.c index 2161b29a2cc..7f2b4678608 100644 --- a/libavcodec/siren.c +++ b/libavcodec/siren.c @@ -648,6 +648,10 @@ static int decode_vector(SirenContext *s, int number_of_regions, } coefs_ptr++; } + if (i >= FF_ARRAY_ELEMS(noise_category5)) { + error = 1; + break; + } noise = decoder_standard_deviation[region] * noise_category5[i]; } else
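Review bot: the new guard `if (i >= FF_ARRAY_ELEMS(noise_category5))` is placed after the inner loop that advances `coefs_ptr`, so by the time it fires that loop has already run with the oversized `i`; it would be worth stating in a comment why that loop is safe with such an `i` (or moving the check ahead of it if it is not). The same statement also indexes `decoder_standard_deviation[region]`, and nothing in the hunk bounds `region`; if it is derived from the stream rather than from `number_of_regions`, it needs an equivalent check. Finally, `error = 1; break;` only helps if the code after the loop tests `error` and returns an error code rather than continuing with partially decoded coefficients, which is not visible in this context, so a short note in the commit message on how the failure propagates would make the fix easier to verify.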
Fixes: out of array access
Fixes: 38603/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSNSIREN_fuzzer-5741847809490944.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/siren.c | 4 ++++
1 file changed, 4 insertions(+)