From patchwork Wed Jul 31 19:54:09 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 50840
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Wed, 31 Jul 2024 21:54:09 +0200
Message-ID: <20240731195410.274508-5-michael@niedermayer.cc>
In-Reply-To: <20240731195410.274508-1-michael@niedermayer.cc>
References: <20240731195410.274508-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 5/6] avcodec/utils: apply the same alignment to YUV410 as we do to YUV420 for snow

The snow encoder uses block based motion estimation which can read out of array if
insufficient alignment is used.

It may be better to only apply this for the encoder, as it would save a few bytes of memory
for the decoder. Until then, this fixes the issue in a simple way.

Fixes: out of array access
Fixes: 68963/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-4979988435632128
Fixes: 68969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-6239933667803136.fuzz
Fixed: 70497/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5751882631413760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavcodec/utils.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 337c00e789a..7914f799041 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c 
@@ -259,6 +259,9 @@ void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height, if (s->codec_id == AV_CODEC_ID_SVQ1) { w_align = 64; h_align = 64; + } else if (s->codec_id == AV_CODEC_ID_SNOW) { + w_align = 16; + h_align = 16; } break; case AV_PIX_FMT_RGB555:
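Review bot: The new `else if (s->codec_id == AV_CODEC_ID_SNOW)` branch hard-codes `w_align = 16; h_align = 16;` with no comment saying why, so the link to the encoder's block based motion estimation, and to the YUV420 value it is meant to mirror, exists only in the commit message. A one-line comment above the two assignments would keep the YUV410 and YUV420 snow cases from drifting apart if one of them is changed later. The branch also runs for the decoder, which the commit message itself flags as costing memory it may not need; if that is left for a follow-up, a TODO here noting that the extra alignment is only required on the encode path would make it easy to find.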