| Message ID | 20221112234401.24158-2-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | 64c6c568908ee9d7f9a5d75686b6d4ce3334222c |
| Series | [FFmpeg-devel,1/3] avformat/lafdec: Check for EOF in header reading |
| Context | Check | Description |
|---|---|---|
| yinshiyou/make_loongarch64 | success | Make finished |
| yinshiyou/make_fate_loongarch64 | success | Make fate finished |
| andriy/make_x86 | success | Make finished |
| andriy/make_fate_x86 | success | Make fate finished |
On Sun, Nov 13, 2022 at 12:44:00AM +0100, Michael Niedermayer wrote:
> Fixes: Assertion failure
> Fixes: 51825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-6393802688692224
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavcodec/mjpegbdec.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)

will apply

[...]
On 11/12/2022 8:44 PM, Michael Niedermayer wrote: > Fixes: Assertion failure > Fixes: 51825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-6393802688692224 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/mjpegbdec.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/libavcodec/mjpegbdec.c b/libavcodec/mjpegbdec.c > index 98c64b44ca..a82a95d70a 100644 > --- a/libavcodec/mjpegbdec.c > +++ b/libavcodec/mjpegbdec.c > @@ -141,9 +141,10 @@ read_header: > av_log(avctx, AV_LOG_WARNING, "no picture\n"); > return buf_size; > } > - > av_frame_move_ref(rframe, s->picture_ptr); > s->got_picture = 0; > + if (avctx->skip_frame == AVDISCARD_ALL) > + return AVERROR(EAGAIN); Decode callback decoders don't return EAGAIN. If they don't generate a frame but there was no error, then they return the amount of bytes consumed while ensuring got_frame is 0. > *got_frame = 1; > > if (!s->lossless && avctx->debug & FF_DEBUG_QP) {
diff --git a/libavcodec/mjpegbdec.c b/libavcodec/mjpegbdec.c index 98c64b44ca..a82a95d70a 100644 --- a/libavcodec/mjpegbdec.c +++ b/libavcodec/mjpegbdec.c @@ -141,9 +141,10 @@ read_header: av_log(avctx, AV_LOG_WARNING, "no picture\n"); return buf_size; } - av_frame_move_ref(rframe, s->picture_ptr); s->got_picture = 0; + if (avctx->skip_frame == AVDISCARD_ALL) + return AVERROR(EAGAIN); *got_frame = 1; if (!s->lossless && avctx->debug & FF_DEBUG_QP) {
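Review bot: the added early return after `s->got_picture = 0;` uses `return AVERROR(EAGAIN);`, which is not the convention for a decode-callback decoder (as the reply above also notes): when the decoder consumes input but produces no frame and there was no error, it returns the number of bytes consumed with `*got_frame` left at 0, exactly as the existing "no picture" path a few lines up does with `return buf_size;`. Suggest replacing the new return with `return buf_size;`. Note also that the check sits after `av_frame_move_ref(rframe, s->picture_ptr);`, so the picture is first moved into the output frame and then abandoned on the skip path; it is worth confirming that the caller unrefs `rframe` in that case, or else placing the `skip_frame` check before the move.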
Fixes: Assertion failure
Fixes: 51825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-6393802688692224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/mjpegbdec.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)