
[FFmpeg-devel,1/3] avcodec/huffyuvdec: avoid undefined behavior with get_vlc2() failure

Message ID 20230619230424.30270-1-michael@niedermayer.cc
State Accepted
Commit 90647a9249aee8c0ef6c0bced3558ada9643f5b6
Series [FFmpeg-devel,1/3] avcodec/huffyuvdec: avoid undefined behavior with get_vlc2() failure

Checks

Context Check Description
yinshiyou/make_loongarch64 success Make finished
yinshiyou/make_fate_loongarch64 fail Make fate failed
andriy/make_x86 success Make finished
andriy/make_fate_x86 fail Make fate failed

Commit Message

Michael Niedermayer June 19, 2023, 11:04 p.m. UTC
Fixes: left shift of negative value -1
Fixes: 59889/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HUFFYUV_fuzzer-5472742275940352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/huffyuvdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Paul B Mahol June 19, 2023, 11:05 p.m. UTC | #1
Shouldn't it error out instead?
Michael Niedermayer June 19, 2023, 11:36 p.m. UTC | #2
On Tue, Jun 20, 2023 at 01:05:45AM +0200, Paul B Mahol wrote:
> Shouldn't it error out instead?

yes but that would make it slower. Also I think real files (not fuzzed files)
would use vlc tables that have no "holes" that can generate invalid returns
so the check might on top of being slow also be not that useful.
But I surely can add a check if that's what people prefer?

thx

[...]
Michael Niedermayer Sept. 14, 2023, 7:49 p.m. UTC | #3
On Tue, Jun 20, 2023 at 01:36:40AM +0200, Michael Niedermayer wrote:
> On Tue, Jun 20, 2023 at 01:05:45AM +0200, Paul B Mahol wrote:
> > Shouldn't it error out instead?
> 
> yes but that would make it slower. Also I think real files (not fuzzed files)
> would use vlc tables that have no "holes" that can generate invalid returns
> so the check might on top of being slow also be not that useful.
> But I surely can add a check if that's what people prefer?

no reply so I'll apply the original patch, so this is fixed


[...]
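The two options debated above (shift through an unsigned cast so a failed lookup is no longer undefined behaviour, versus rejecting the failed lookup outright) side by side, as an added example that is not FFmpeg code. The VLC lookup here is a stand-in: a constructed 8-entry table with two "holes" that return -1 the way get_vlc2() does on failure; `toy_vlc_lookup`, `pixel_cast`, `pixel_checked` and the table are all assumptions of this example, not names from the patch.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy VLC table: indices 4 and 5 are "holes" with no symbol,
 * so a lookup there fails with -1, mirroring get_vlc2()'s failure value.
 * This is not FFmpeg's VLC table layout. */
static const int8_t toy_table[8] = { 0, 1, 2, 3, -1, -1, 5, 6 };

/* Stand-in for the table lookup: returns the decoded symbol, or -1 on a
 * code that has no entry. */
static int toy_vlc_lookup(const int8_t *table, unsigned code)
{
    return table[code & 7];
}

/* Cast variant (the shape of the applied patch): shifting an unsigned value
 * is always defined, so a -1 return no longer shifts a negative int. The
 * failure itself is not rejected; the converted value (implementation-
 * defined, -4 on two's-complement compilers) still reaches the output. */
static uint16_t pixel_cast(const int8_t *table, unsigned code, unsigned low2)
{
    int dst = (unsigned)toy_vlc_lookup(table, code) << 2;
    return (uint16_t)(dst + (low2 & 3));
}

/* Checked variant (the alternative raised in the thread): test the lookup
 * before shifting. Returns 0 and writes *out on success, -1 on a hole, at
 * the cost of one extra branch per pixel. */
static int pixel_checked(const int8_t *table, unsigned code, unsigned low2,
                         uint16_t *out)
{
    int sym = toy_vlc_lookup(table, code);
    if (sym < 0)
        return -1;
    *out = (uint16_t)((sym << 2) + (low2 & 3));
    return 0;
}

int main(void)
{
    uint16_t px;
    /* Valid code 2 with low bits 1: both variants produce (2 << 2) + 1 = 9. */
    printf("cast, valid code:    %u\n", pixel_cast(toy_table, 2, 1));
    printf("checked, valid code: %d (px=%u)\n",
           pixel_checked(toy_table, 2, 1, &px), px);
    /* Code 4 is a hole: the cast variant emits a pixel anyway, the checked
     * variant reports the failure. */
    printf("cast, hole:          %u\n", pixel_cast(toy_table, 4, 0));
    printf("checked, hole:       %d\n", pixel_checked(toy_table, 4, 0, &px));
    return 0;
}
```

Compiling the cast variant with `-fsanitize=undefined` no longer reports a shift of a negative value, which is exactly what the fuzzer finding was about; the checked variant is the only one that distinguishes corrupt input from a decodable pixel.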

Patch

diff --git a/libavcodec/huffyuvdec.c b/libavcodec/huffyuvdec.c
index 8ba67bbdeb..1a7690da94 100644
--- a/libavcodec/huffyuvdec.c
+++ b/libavcodec/huffyuvdec.c
@@ -755,7 +755,7 @@  static void decode_plane_bitstream(HYuvDecContext *s, int width, int plane)
             }
         }
         if( width&1 && get_bits_left(&s->gb)>0 ) {
-            int dst = get_vlc2(&s->gb, s->vlc[plane].table, VLC_BITS, 3)<<2;
+            int dst = (unsigned)get_vlc2(&s->gb, s->vlc[plane].table, VLC_BITS, 3)<<2;
             s->temp16[0][width-1] = dst + get_bits(&s->gb, 2);
         }
     }
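Review bot: the `(unsigned)` cast on the changed line removes the undefined left shift of get_vlc2()'s -1 failure return, which is what the commit message targets, but the failure is still not detected: the shifted value is converted back to `int dst` (an out-of-range conversion, implementation-defined rather than undefined) and `dst + get_bits(&s->gb, 2)` is then stored into `s->temp16[0][width-1]` as if it were a decoded pixel, so a corrupt or fuzzed bitstream now decodes silently instead of failing. The thread already weighs this against the cost of a per-pixel branch; if the cast is the deliberate choice, it would help to say so in a comment next to the line (e.g. `/* get_vlc2() may return -1; the cast keeps the shift defined, invalid codes are tolerated */`), and if an error is preferred, note that `decode_plane_bitstream` is `static void` per the hunk header, so rejecting the lookup would also need the function to return a status that the caller checks.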