Message ID | 20230619230424.30270-1-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 90647a9249aee8c0ef6c0bced3558ada9643f5b6 |
Headers | show |
Series | [FFmpeg-devel,1/3] avcodec/huffyuvdec: avoid undefined behavior with get_vlc2() failure | expand |
Context | Check | Description |
---|---|---|
yinshiyou/make_loongarch64 | success | Make finished |
yinshiyou/make_fate_loongarch64 | fail | Make fate failed |
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | fail | Make fate failed |
Shouldn't it error out instead?
On Tue, Jun 20, 2023 at 01:05:45AM +0200, Paul B Mahol wrote:
> Shouldn't it error out instead?
yes but that would make it slower. Also I think real files (not fuzzed files)
would use vlc tables that have no "holes" that can generate invalid returns,
so the check might, on top of being slow, also be not that useful.
But I surely can add a check if that's what people prefer?
thx
[...]
On Tue, Jun 20, 2023 at 01:36:40AM +0200, Michael Niedermayer wrote:
> On Tue, Jun 20, 2023 at 01:05:45AM +0200, Paul B Mahol wrote:
> > Shouldn't it error out instead?
> yes but that would make it slower. Also I think real files (not fuzzed files)
> would use vlc tables that have no "holes" that can generate invalid returns
> so the check might on top of being slow also be not that useful.
> But I surely can add a check if that's what people prefer?
no reply so I'll apply the original patch, so this is fixed
[...]
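As an added illustration of the trade-off discussed in this thread (example code written here, not FFmpeg's; lookup_vlc() and its two-bit table are constructed stand-ins for get_vlc2() and the real Huffyuv tables), the same decode step is shown with the unsigned cast from the patch and with the explicit check Paul asked about:

```c
/* Added example, not FFmpeg code: a small model of the huffyuvdec pattern
 * debated above. lookup_vlc() stands in for get_vlc2() and returns -1 when
 * the bits hit a "hole" in the table, which a fuzzed stream can arrange. */
#include <stdint.h>
#include <stdio.h>

/* Constructed 2-bit table (hypothetical): codes 0..2 are valid, code 3 is a hole. */
static int lookup_vlc(unsigned code2)
{
    static const int table[4] = { 0, 1, 2, -1 };
    return table[code2 & 3];
}

/* Pattern after the patch: the cast makes the shift well-defined, but an
 * invalid code still produces a sample value no real stream would encode.
 * (Converting the out-of-range unsigned back to int is implementation-defined,
 * and wraps on the two's-complement platforms FFmpeg runs on.) */
static uint16_t decode_sample_unsigned(unsigned code2, unsigned low2)
{
    int dst = (unsigned)lookup_vlc(code2) << 2;          /* -1 becomes 0xFFFFFFFC */
    return (uint16_t)(dst + (low2 & 3));                  /* mirrors temp16[..] = dst + get_bits(.., 2) */
}

/* The alternative raised in the thread: reject the invalid code instead.
 * Returns the decoded sample (0..65535) or -1 when the code is a hole. */
static int decode_sample_checked(unsigned code2, unsigned low2)
{
    int v = lookup_vlc(code2);
    if (v < 0)
        return -1;                                        /* caller must propagate this */
    return (v << 2) + (int)(low2 & 3);
}

int main(void)
{
    printf("valid code 1, low bits 2 -> %u\n", decode_sample_unsigned(1, 2));
    printf("hole, unsigned cast      -> %u\n", decode_sample_unsigned(3, 2));
    printf("hole, checked            -> %d\n", decode_sample_checked(3, 2));
    return 0;
}
```

The cast version silently stores 65534 for the hole; the checked version reports it, at the cost of a branch per sample and of a status value the void decode_plane_bitstream() in the patch would have to start returning.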
diff --git a/libavcodec/huffyuvdec.c b/libavcodec/huffyuvdec.c index 8ba67bbdeb..1a7690da94 100644 --- a/libavcodec/huffyuvdec.c +++ b/libavcodec/huffyuvdec.c @@ -755,7 +755,7 @@ static void decode_plane_bitstream(HYuvDecContext *s, int width, int plane) } } if( width&1 && get_bits_left(&s->gb)>0 ) { - int dst = get_vlc2(&s->gb, s->vlc[plane].table, VLC_BITS, 3)<<2; + int dst = (unsigned)get_vlc2(&s->gb, s->vlc[plane].table, VLC_BITS, 3)<<2; s->temp16[0][width-1] = dst + get_bits(&s->gb, 2); } }
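Review bot: the unsigned cast makes the left shift well-defined when get_vlc2() returns -1, but an invalid code still writes a meaningless value into s->temp16[0][width-1] (the wrapped -1 shifted by two, plus the two extra bits) instead of being rejected, which is the point Paul raised. Since decode_plane_bitstream() is declared void, a real check would mean testing the get_vlc2() result for < 0 before the shift and giving the function a status return the caller can act on. If the cast is kept as the cheaper fix, a short comment at the shift saying that -1 is expected here and deliberately tolerated would spare the next reader the same question.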
Fixes: left shift of negative value -1
Fixes: 59889/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HUFFYUV_fuzzer-5472742275940352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/huffyuvdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)