Message ID | 20230130234527.13149-2-michael@niedermayer.cc |
---|---|
State | New |
Series | [FFmpeg-devel,1/3] tools/target_dec_fuzzer: Adjust threshold for BONK |
Context | Check | Description |
---|---|---|
yinshiyou/make_loongarch64 | success | Make finished |
yinshiyou/make_fate_loongarch64 | success | Make fate finished |
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
Michael Niedermayer:
> Fixes: OOM
> Fixes: 54572/clusterfuzz-testcase-minimized-ffmpeg_dem_LAF_fuzzer-4974038870523904
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavformat/lafdec.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c
> index d02b479c4d..b78ec3649c 100644
> --- a/libavformat/lafdec.c
> +++ b/libavformat/lafdec.c
> @@ -208,6 +208,8 @@ again:
> ret = avio_read(pb, s->data, st_count * st->codecpar->sample_rate * bpp);
> if (ret < 0)
> return ret;
> + if (ret != st_count * st->codecpar->sample_rate * bpp)
> + return AVERROR_INVALIDDATA;
> }
>
> st = ctx->streams[s->index];

ffio_read()

- Andreas
On Tue, Jan 31, 2023 at 12:21:24PM +0100, Andreas Rheinhardt wrote:
> Michael Niedermayer:
> > Fixes: OOM
> > Fixes: 54572/clusterfuzz-testcase-minimized-ffmpeg_dem_LAF_fuzzer-4974038870523904
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> > libavformat/lafdec.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c
> > index d02b479c4d..b78ec3649c 100644
> > --- a/libavformat/lafdec.c
> > +++ b/libavformat/lafdec.c
> > @@ -208,6 +208,8 @@ again:
> > ret = avio_read(pb, s->data, st_count * st->codecpar->sample_rate * bpp);
> > if (ret < 0)
> > return ret;
> > + if (ret != st_count * st->codecpar->sample_rate * bpp)
> > + return AVERROR_INVALIDDATA;
> > }
> >
> > st = ctx->streams[s->index];
>
> ffio_read()

I assume you mean ffio_read_size(), will use that

thx

[...]
Michael Niedermayer:
> On Tue, Jan 31, 2023 at 12:21:24PM +0100, Andreas Rheinhardt wrote:
>> Michael Niedermayer:
>>> Fixes: OOM
>>> Fixes: 54572/clusterfuzz-testcase-minimized-ffmpeg_dem_LAF_fuzzer-4974038870523904
>>>
>>> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>>> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
>>> ---
>>> libavformat/lafdec.c | 2 ++
>>> 1 file changed, 2 insertions(+)
>>>
>>> diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c
>>> index d02b479c4d..b78ec3649c 100644
>>> --- a/libavformat/lafdec.c
>>> +++ b/libavformat/lafdec.c
>>> @@ -208,6 +208,8 @@ again:
>>> ret = avio_read(pb, s->data, st_count * st->codecpar->sample_rate * bpp);
>>> if (ret < 0)
>>> return ret;
>>> + if (ret != st_count * st->codecpar->sample_rate * bpp)
>>> + return AVERROR_INVALIDDATA;
>>> }
>>>
>>> st = ctx->streams[s->index];
>>
>> ffio_read()
>
> I assume you mean ffio_read_size(), will use that
>

Yeah, I meant that. Sorry.

- Andreas
diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c index d02b479c4d..b78ec3649c 100644 --- a/libavformat/lafdec.c +++ b/libavformat/lafdec.c @@ -208,6 +208,8 @@ again: ret = avio_read(pb, s->data, st_count * st->codecpar->sample_rate * bpp); if (ret < 0) return ret; + if (ret != st_count * st->codecpar->sample_rate * bpp) + return AVERROR_INVALIDDATA; } st = ctx->streams[s->index];
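Review bot: the two added lines re-implement the short-read check that ffio_read_size() already provides (read exactly the requested number of bytes or return an error), which Andreas also points out in the thread; replace the avio_read() call together with the `ret < 0` and `ret != ...` tests by `ret = ffio_read_size(pb, s->data, st_count * st->codecpar->sample_rate * bpp);` followed by the existing `if (ret < 0) return ret;`. Independently of that, `st_count * st->codecpar->sample_rate * bpp` is now spelled out twice in the hunk; compute it once into a local so the size that is requested and the size that is checked cannot drift apart in a later edit. The commit message says only "Fixes: OOM"; one sentence on how an unchecked short read at this point leads to the OOM would let a reviewer judge the fix from the log alone.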
Fixes: OOM
Fixes: 54572/clusterfuzz-testcase-minimized-ffmpeg_dem_LAF_fuzzer-4974038870523904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavformat/lafdec.c | 2 ++
1 file changed, 2 insertions(+)