diff mbox series

[FFmpeg-devel,2/2] avcodec/gemdec: Use ff_set_dimensions()

Message ID 20211010213954.12708-2-michael@niedermayer.cc
State Accepted
Commit 1902a60ddab82b0c8e8e52c6d2c329eb4628a7d9
Headers show
Series [FFmpeg-devel,1/2] avcodec/utils: Ensure 8x8 alignment for ARGO in avcodec_align_dimensions2() | expand

Checks

Context Check Description
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished
andriy/make_ppc success Make finished
andriy/make_fate_ppc success Make fate finished

Commit Message

Michael Niedermayer Oct. 10, 2021, 9:39 p.m. UTC 
Fixes: OOM
Fixes: 39798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GEM_fuzzer-5611636853964800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/gemdec.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Comments

Peter Ross Oct. 11, 2021, 9:18 a.m. UTC | #1 
On Sun, Oct 10, 2021 at 11:39:54PM +0200, Michael Niedermayer wrote:
> Fixes: OOM
> Fixes: 39798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GEM_fuzzer-5611636853964800
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/gemdec.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/libavcodec/gemdec.c b/libavcodec/gemdec.c
> index bf0927b7638..2464dda8a7e 100644
> --- a/libavcodec/gemdec.c
> +++ b/libavcodec/gemdec.c
> @@ -101,6 +101,7 @@ static int gem_decode_frame(AVCodecContext *avctx,
>      int row_width, pixel_size;
>      State state = {.y = 0, .pl = 0, .x = 0, .vdup = 1};
>      void (*put_lines)(AVCodecContext *avctx, int planes, int row_width, int pixel_size, State * state, uint8_t * row, AVFrame *p);
> +    int width, height;
>  
>      if (buf_size <= 16)
>          return AVERROR_INVALIDDATA;
> @@ -114,8 +115,11 @@ static int gem_decode_frame(AVCodecContext *avctx,
>      pattern_size = bytestream2_get_be16(&gb);
>      avctx->sample_aspect_ratio.num = bytestream2_get_be16(&gb);
>      avctx->sample_aspect_ratio.den = bytestream2_get_be16(&gb);
> -    avctx->width  = bytestream2_get_be16(&gb);
> -    avctx->height = bytestream2_get_be16(&gb);
> +    width  = bytestream2_get_be16(&gb);
> +    height = bytestream2_get_be16(&gb);
> +    ret = ff_set_dimensions(avctx, width, height);
> +    if (ret < 0)
> +        return ret;
>  
>      row_width = (avctx->width + 7) / 8;
>      put_lines = put_lines_bits;

looks good. please apply.

-- Peter
(A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
Michael Niedermayer Oct. 11, 2021, 5:59 p.m. UTC | #2 
On Mon, Oct 11, 2021 at 08:18:25PM +1100, Peter Ross wrote:
> On Sun, Oct 10, 2021 at 11:39:54PM +0200, Michael Niedermayer wrote:
> > Fixes: OOM
> > Fixes: 39798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GEM_fuzzer-5611636853964800
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/gemdec.c | 8 ++++++--
> >  1 file changed, 6 insertions(+), 2 deletions(-)
> > 
> > diff --git a/libavcodec/gemdec.c b/libavcodec/gemdec.c
> > index bf0927b7638..2464dda8a7e 100644
> > --- a/libavcodec/gemdec.c
> > +++ b/libavcodec/gemdec.c
> > @@ -101,6 +101,7 @@ static int gem_decode_frame(AVCodecContext *avctx,
> >      int row_width, pixel_size;
> >      State state = {.y = 0, .pl = 0, .x = 0, .vdup = 1};
> >      void (*put_lines)(AVCodecContext *avctx, int planes, int row_width, int pixel_size, State * state, uint8_t * row, AVFrame *p);
> > +    int width, height;
> >  
> >      if (buf_size <= 16)
> >          return AVERROR_INVALIDDATA;
> > @@ -114,8 +115,11 @@ static int gem_decode_frame(AVCodecContext *avctx,
> >      pattern_size = bytestream2_get_be16(&gb);
> >      avctx->sample_aspect_ratio.num = bytestream2_get_be16(&gb);
> >      avctx->sample_aspect_ratio.den = bytestream2_get_be16(&gb);
> > -    avctx->width  = bytestream2_get_be16(&gb);
> > -    avctx->height = bytestream2_get_be16(&gb);
> > +    width  = bytestream2_get_be16(&gb);
> > +    height = bytestream2_get_be16(&gb);
> > +    ret = ff_set_dimensions(avctx, width, height);
> > +    if (ret < 0)
> > +        return ret;
> >  
> >      row_width = (avctx->width + 7) / 8;
> >      put_lines = put_lines_bits;
> 
> looks good. please apply.

will apply

thx

[...]
diff mbox series

Patch

diff --git a/libavcodec/gemdec.c b/libavcodec/gemdec.c
index bf0927b7638..2464dda8a7e 100644
--- a/libavcodec/gemdec.c
+++ b/libavcodec/gemdec.c
@@ -101,6 +101,7 @@  static int gem_decode_frame(AVCodecContext *avctx,
     int row_width, pixel_size;
     State state = {.y = 0, .pl = 0, .x = 0, .vdup = 1};
     void (*put_lines)(AVCodecContext *avctx, int planes, int row_width, int pixel_size, State * state, uint8_t * row, AVFrame *p);
+    int width, height;
 
     if (buf_size <= 16)
         return AVERROR_INVALIDDATA;
@@ -114,8 +115,11 @@  static int gem_decode_frame(AVCodecContext *avctx,
     pattern_size = bytestream2_get_be16(&gb);
     avctx->sample_aspect_ratio.num = bytestream2_get_be16(&gb);
     avctx->sample_aspect_ratio.den = bytestream2_get_be16(&gb);
-    avctx->width  = bytestream2_get_be16(&gb);
-    avctx->height = bytestream2_get_be16(&gb);
+    width  = bytestream2_get_be16(&gb);
+    height = bytestream2_get_be16(&gb);
+    ret = ff_set_dimensions(avctx, width, height);
+    if (ret < 0)
+        return ret;
 
     row_width = (avctx->width + 7) / 8;
     put_lines = put_lines_bits;