Message ID | 20230113000138.9994-1-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 1ab0f83b0a243c635d77f8b116646bb7594988d4 |
Headers | show |
Series | [FFmpeg-devel,1/5] avcodec/wbmpdec: use remaining size not whole size | expand |
Context | Check | Description |
---|---|---|
yinshiyou/make_loongarch64 | success | Make finished |
yinshiyou/make_fate_loongarch64 | success | Make fate finished |
On Fri, Jan 13, 2023 at 01:01:34AM +0100, Michael Niedermayer wrote: > Fixes: out of array access > Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WBMP_fuzzer-6652634692190208 > Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WBMP_fuzzer-6653703453278208 > Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WBMP_fuzzer-6668020758216704 > Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WBMP_fuzzer-6684749875249152 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/wbmpdec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/wbmpdec.c b/libavcodec/wbmpdec.c > index 9638b55b94..8b105bc135 100644 > --- a/libavcodec/wbmpdec.c > +++ b/libavcodec/wbmpdec.c > @@ -72,7 +72,7 @@ static int wbmp_decode_frame(AVCodecContext *avctx, AVFrame *p, > if (p->linesize[0] == (width + 7) / 8) > bytestream2_get_buffer(&gb, p->data[0], height * ((width + 7) / 8)); > else > - readbits(p->data[0], width, height, p->linesize[0], gb.buffer, gb.buffer_end - gb.buffer_start); > + readbits(p->data[0], width, height, p->linesize[0], gb.buffer, gb.buffer_end - gb.buffer); > > p->key_frame = 1; > p->pict_type = AV_PICTURE_TYPE_I; please apply. -- Peter (A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
On Sun, Jan 15, 2023 at 01:44:09PM +1100, Peter Ross wrote: > On Fri, Jan 13, 2023 at 01:01:34AM +0100, Michael Niedermayer wrote: > > Fixes: out of array access > > Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WBMP_fuzzer-6652634692190208 > > Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WBMP_fuzzer-6653703453278208 > > Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WBMP_fuzzer-6668020758216704 > > Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WBMP_fuzzer-6684749875249152 > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/wbmpdec.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libavcodec/wbmpdec.c b/libavcodec/wbmpdec.c > > index 9638b55b94..8b105bc135 100644 > > --- a/libavcodec/wbmpdec.c > > +++ b/libavcodec/wbmpdec.c > > @@ -72,7 +72,7 @@ static int wbmp_decode_frame(AVCodecContext *avctx, AVFrame *p, > > if (p->linesize[0] == (width + 7) / 8) > > bytestream2_get_buffer(&gb, p->data[0], height * ((width + 7) / 8)); > > else > > - readbits(p->data[0], width, height, p->linesize[0], gb.buffer, gb.buffer_end - gb.buffer_start); > > + readbits(p->data[0], width, height, p->linesize[0], gb.buffer, gb.buffer_end - gb.buffer); > > > > p->key_frame = 1; > > p->pict_type = AV_PICTURE_TYPE_I; > > please apply. will apply thx [...]
diff --git a/libavcodec/wbmpdec.c b/libavcodec/wbmpdec.c index 9638b55b94..8b105bc135 100644 --- a/libavcodec/wbmpdec.c +++ b/libavcodec/wbmpdec.c @@ -72,7 +72,7 @@ static int wbmp_decode_frame(AVCodecContext *avctx, AVFrame *p, if (p->linesize[0] == (width + 7) / 8) bytestream2_get_buffer(&gb, p->data[0], height * ((width + 7) / 8)); else - readbits(p->data[0], width, height, p->linesize[0], gb.buffer, gb.buffer_end - gb.buffer_start); + readbits(p->data[0], width, height, p->linesize[0], gb.buffer, gb.buffer_end - gb.buffer); p->key_frame = 1; p->pict_type = AV_PICTURE_TYPE_I;
Fixes: out of array access Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WBMP_fuzzer-6652634692190208 Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WBMP_fuzzer-6653703453278208 Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WBMP_fuzzer-6668020758216704 Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WBMP_fuzzer-6684749875249152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/wbmpdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)