[FFmpeg-devel,4/6] avcodec/rka: check for size 1 filter

Message ID	20230220192929.4493-4-michael@niedermayer.cc
State	Accepted
Commit	8874cfa2e174cf1a94123fc2f1a3aa4d307a270f
Headers	show Delivered-To: ffmpegpatchwork2@gmail.com Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; sender: michael@niedermayer.cc) by mail.gandi.net (Postfix) with ESMTPSA id 39764E0002 for <ffmpeg-devel@ffmpeg.org>; Mon, 20 Feb 2023 19:29:36 +0000 (UTC) From: Michael Niedermayer <michael@niedermayer.cc> To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> Date: Mon, 20 Feb 2023 20:29:27 +0100 Message-Id: <20230220192929.4493-4-michael@niedermayer.cc> In-Reply-To: <20230220192929.4493-1-michael@niedermayer.cc> References: <20230220192929.4493-1-michael@niedermayer.cc> Subject: [FFmpeg-devel] [PATCH 4/6] avcodec/rka: check for size 1 filter Precedence: list Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Series	[FFmpeg-devel,1/6] avformat/mov: Check samplesize and offset to avoid integer overflow \| expand [FFmpeg-devel,1/6] avformat/mov: Check samplesize and offset to avoid integer overflow [FFmpeg-devel,2/6] avformat/rka: Fix 1/0 with bps=1 [FFmpeg-devel,3/6] avcodec/rka: Fix some integer anomalies [FFmpeg-devel,4/6] avcodec/rka: check for size 1 filter [FFmpeg-devel,5/6] avcodec/rka: avoid negative value shift [FFmpeg-devel,6/6] avcodec/rka: avoid undefined doubling sum overflow

Message ID

20230220192929.4493-4-michael@niedermayer.cc

State

Accepted

Commit

8874cfa2e174cf1a94123fc2f1a3aa4d307a270f

Headers

Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Mon, 20 Feb 2023 20:29:27 +0100
Message-Id: <20230220192929.4493-4-michael@niedermayer.cc>
In-Reply-To: <20230220192929.4493-1-michael@niedermayer.cc>
References: <20230220192929.4493-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 4/6] avcodec/rka: check for size 1 filter
Precedence: list
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

Series

[FFmpeg-devel,1/6] avformat/mov: Check samplesize and offset to avoid integer overflow | expand

Checks

Context	Check	Description
yinshiyou/make_loongarch64	success	Make finished
yinshiyou/make_fate_loongarch64	success	Make fate finished
andriy/make_x86	success	Make finished
andriy/make_fate_x86	success	Make fate finished

Context

Check

Description

yinshiyou/make_loongarch64

success

Make finished

yinshiyou/make_fate_loongarch64

success

Make fate finished

andriy/make_x86

success

Make finished

andriy/make_fate_x86

success

Make fate finished

Commit Message

Michael Niedermayer Feb. 20, 2023, 7:29 p.m. UTC

Such filters will not advance and be stuck in the current implementation

Fixes: Infinite loop
Fixes: 56052/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RKA_fuzzer-5236218750435328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/rka.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/rka.c b/libavcodec/rka.c
index 994c563ffd..7452acf27f 100644
--- a/libavcodec/rka.c
+++ b/libavcodec/rka.c
@@ -691,7 +691,7 @@  static int decode_filter(RKAContext *s, ChContext *ctx, ACoder *ac, int off, uns
     else
         split = size >> 4;
 
-    if (size <= 0)
+    if (size <= 1)
         return 0;
 
     for (int x = 0; x < size;) {

[FFmpeg-devel,4/6] avcodec/rka: check for size 1 filter

Checks

Commit Message

Patch