diff mbox series

[FFmpeg-devel,4/4] avcodec/siren: Check index for catergory5

Message ID 20210917195616.25061-4-michael@niedermayer.cc
State Accepted
Commit db18f29b33a060b3ce0fc7ac7d215aeb3506c0ae
Headers show
Series [FFmpeg-devel,1/4] tools/target_dec_fuzzer: Adjust VC1 threshold | expand

Checks

Context Check Description
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished
andriy/make_ppc success Make finished
andriy/make_fate_ppc success Make fate finished

Commit Message

Michael Niedermayer Sept. 17, 2021, 7:56 p.m. UTC 
Fixes: out of array access
Fixes: 38603/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSNSIREN_fuzzer-5741847809490944.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/siren.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Peter Ross Sept. 18, 2021, 9:47 a.m. UTC | #1 
On Fri, Sep 17, 2021 at 09:56:16PM +0200, Michael Niedermayer wrote:
> Fixes: out of array access
> Fixes: 38603/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSNSIREN_fuzzer-5741847809490944.fuzz
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/siren.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/libavcodec/siren.c b/libavcodec/siren.c
> index 2161b29a2cc..7f2b4678608 100644
> --- a/libavcodec/siren.c
> +++ b/libavcodec/siren.c
> @@ -648,6 +648,10 @@ static int decode_vector(SirenContext *s, int number_of_regions,
>                  }
>                  coefs_ptr++;
>              }
> +            if (i >= FF_ARRAY_ELEMS(noise_category5)) {
> +                error = 1;
> +                break;
> +            }
>  
>              noise = decoder_standard_deviation[region] * noise_category5[i];
>          } else

this fixes the recent msnsiren commit.
please apply

-- Peter
(A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
Michael Niedermayer Sept. 18, 2021, 4:02 p.m. UTC | #2 
On Sat, Sep 18, 2021 at 07:47:52PM +1000, Peter Ross wrote:
> On Fri, Sep 17, 2021 at 09:56:16PM +0200, Michael Niedermayer wrote:
> > Fixes: out of array access
> > Fixes: 38603/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSNSIREN_fuzzer-5741847809490944.fuzz
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/siren.c | 4 ++++
> >  1 file changed, 4 insertions(+)
> > 
> > diff --git a/libavcodec/siren.c b/libavcodec/siren.c
> > index 2161b29a2cc..7f2b4678608 100644
> > --- a/libavcodec/siren.c
> > +++ b/libavcodec/siren.c
> > @@ -648,6 +648,10 @@ static int decode_vector(SirenContext *s, int number_of_regions,
> >                  }
> >                  coefs_ptr++;
> >              }
> > +            if (i >= FF_ARRAY_ELEMS(noise_category5)) {
> > +                error = 1;
> > +                break;
> > +            }
> >  
> >              noise = decoder_standard_deviation[region] * noise_category5[i];
> >          } else
> 
> this fixes the recent msnsiren commit.
> please apply

will apply

thx

[...]
diff mbox series

Patch

diff --git a/libavcodec/siren.c b/libavcodec/siren.c
index 2161b29a2cc..7f2b4678608 100644
--- a/libavcodec/siren.c
+++ b/libavcodec/siren.c
@@ -648,6 +648,10 @@  static int decode_vector(SirenContext *s, int number_of_regions,
                 }
                 coefs_ptr++;
             }
+            if (i >= FF_ARRAY_ELEMS(noise_category5)) {
+                error = 1;
+                break;
+            }
 
             noise = decoder_standard_deviation[region] * noise_category5[i];
         } else