| Message ID | 20230603194437.23694-1-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | fead656a7bf523d448fe8bd39c1f2ea36be98fb9 |
| Headers | show |
| Series | [FFmpeg-devel] avcodec: Ignoring errors is only possible before the input end | expand |
| Context | Check | Description |
|---|---|---|
| yinshiyou/make_loongarch64 | success | Make finished |
| yinshiyou/make_fate_loongarch64 | success | Make fate finished |
| andriy/make_x86 | success | Make finished |
| andriy/make_fate_x86 | success | Make fate finished |
On Sat, Jun 3, 2023 at 9:44 PM Michael Niedermayer <michael@niedermayer.cc> wrote: > Fixes: out of array read > Fixes: Ticket 10308 > Did you forgot to apply this? > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/h263dec.c | 2 +- > libavcodec/mpeg4videodec.c | 4 ++-- > 2 files changed, 3 insertions(+), 3 deletions(-) > > diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c > index f4e7048a5f..68a618a7ed 100644 > --- a/libavcodec/h263dec.c > +++ b/libavcodec/h263dec.c > @@ -281,7 +281,7 @@ static int decode_slice(MpegEncContext *s) > ff_er_add_slice(&s->er, s->resync_mb_x, s->resync_mb_y, > s->mb_x, s->mb_y, ER_MB_ERROR & > part_mask); > > - if (s->avctx->err_recognition & AV_EF_IGNORE_ERR) > + if ((s->avctx->err_recognition & AV_EF_IGNORE_ERR) && > get_bits_left(&s->gb) > 0) > continue; > return AVERROR_INVALIDDATA; > } > diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c > index d456e5dd11..30aec5e529 100644 > --- a/libavcodec/mpeg4videodec.c > +++ b/libavcodec/mpeg4videodec.c > @@ -1437,7 +1437,7 @@ static inline int mpeg4_decode_block(Mpeg4DecContext > *ctx, int16_t *block, > if (SHOW_UBITS(re, &s->gb, 1) == 0) { > av_log(s->avctx, AV_LOG_ERROR, > "1. marker bit missing in 3. > esc\n"); > - if (!(s->avctx->err_recognition & > AV_EF_IGNORE_ERR)) > + if (!(s->avctx->err_recognition & > AV_EF_IGNORE_ERR) || get_bits_left(&s->gb) <= 0) > return AVERROR_INVALIDDATA; > } > SKIP_CACHE(re, &s->gb, 1); > @@ -1448,7 +1448,7 @@ static inline int mpeg4_decode_block(Mpeg4DecContext > *ctx, int16_t *block, > if (SHOW_UBITS(re, &s->gb, 1) == 0) { > av_log(s->avctx, AV_LOG_ERROR, > "2. marker bit missing in 3. > esc\n"); > - if (!(s->avctx->err_recognition & > AV_EF_IGNORE_ERR)) > + if (!(s->avctx->err_recognition & > AV_EF_IGNORE_ERR) || get_bits_left(&s->gb) <= 0) > return AVERROR_INVALIDDATA; > } > > -- > 2.17.1 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". >
On Sat, Jun 17, 2023 at 08:45:53AM +0200, Paul B Mahol wrote: > On Sat, Jun 3, 2023 at 9:44 PM Michael Niedermayer <michael@niedermayer.cc> > wrote: > > > Fixes: out of array read > > Fixes: Ticket 10308 > > > > Did you forgot to apply this? yes, ill apply it with my next git push thx for reminding me [...]
diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c index f4e7048a5f..68a618a7ed 100644 --- a/libavcodec/h263dec.c +++ b/libavcodec/h263dec.c @@ -281,7 +281,7 @@ static int decode_slice(MpegEncContext *s) ff_er_add_slice(&s->er, s->resync_mb_x, s->resync_mb_y, s->mb_x, s->mb_y, ER_MB_ERROR & part_mask); - if (s->avctx->err_recognition & AV_EF_IGNORE_ERR) + if ((s->avctx->err_recognition & AV_EF_IGNORE_ERR) && get_bits_left(&s->gb) > 0) continue; return AVERROR_INVALIDDATA; } diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c index d456e5dd11..30aec5e529 100644 --- a/libavcodec/mpeg4videodec.c +++ b/libavcodec/mpeg4videodec.c @@ -1437,7 +1437,7 @@ static inline int mpeg4_decode_block(Mpeg4DecContext *ctx, int16_t *block, if (SHOW_UBITS(re, &s->gb, 1) == 0) { av_log(s->avctx, AV_LOG_ERROR, "1. marker bit missing in 3. esc\n"); - if (!(s->avctx->err_recognition & AV_EF_IGNORE_ERR)) + if (!(s->avctx->err_recognition & AV_EF_IGNORE_ERR) || get_bits_left(&s->gb) <= 0) return AVERROR_INVALIDDATA; } SKIP_CACHE(re, &s->gb, 1); @@ -1448,7 +1448,7 @@ static inline int mpeg4_decode_block(Mpeg4DecContext *ctx, int16_t *block, if (SHOW_UBITS(re, &s->gb, 1) == 0) { av_log(s->avctx, AV_LOG_ERROR, "2. marker bit missing in 3. esc\n"); - if (!(s->avctx->err_recognition & AV_EF_IGNORE_ERR)) + if (!(s->avctx->err_recognition & AV_EF_IGNORE_ERR) || get_bits_left(&s->gb) <= 0) return AVERROR_INVALIDDATA; }
Fixes: out of array read Fixes: Ticket 10308 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/h263dec.c | 2 +- libavcodec/mpeg4videodec.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)