From patchwork Mon Apr 1 20:56:02 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 47702
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Mon, 1 Apr 2024 22:56:02 +0200
Message-Id: <20240401205607.9093-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 1/6] avformat/isom: Uninit layout in ff_mp4_read_dec_config_descr()

Fixes: memleak
Fixes: 67442/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5068813261406208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavformat/isom.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/isom.c b/libavformat/isom.c index 9fbccd4437f..c5930bd4d87 100644 --- a/libavformat/isom.c +++ b/libavformat/isom.c
@@ -359,6 +359,7 @@ int ff_mp4_read_dec_config_descr(AVFormatContext *fc, AVStream *st, AVIOContext st->codecpar->extradata_size, 1, fc); if (ret < 0) return ret; + av_channel_layout_uninit(&st->codecpar->ch_layout); st->codecpar->ch_layout.order = AV_CHANNEL_ORDER_UNSPEC; st->codecpar->ch_layout.nb_channels = cfg.channels; if (cfg.object_type == 29 && cfg.sampling_index < 3) // old mp3on4

From patchwork Mon Apr 1 20:56:03 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 47703
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Mon, 1 Apr 2024 22:56:03 +0200
Message-Id: <20240401205607.9093-2-michael@niedermayer.cc>
In-Reply-To: <20240401205607.9093-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 2/6] avformat/mov: Check that tile_item_list is initialized in read_image_iovl()

Fixes: null pointer dereference
Fixes: 67494/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6528714521247744
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavformat/mov.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index 7bdeeb99f98..fa4c237c0d8 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c
@@ -9364,6 +9364,10 @@ static int read_image_iovl(AVFormatContext *s, const HEIFGrid *grid, } for (int i = 0; i < tile_grid->nb_tiles; i++) { + if (!grid->tile_item_list[i]) { + ret = AVERROR_INVALIDDATA; + goto fail; + } tile_grid->offsets[i].idx = grid->tile_item_list[i]->st->index; tile_grid->offsets[i].horizontal = (flags & 1) ? avio_rb32(s->pb) : avio_rb16(s->pb); tile_grid->offsets[i].vertical = (flags & 1) ? avio_rb32(s->pb) : avio_rb16(s->pb);

From patchwork Mon Apr 1 20:56:04 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 47704
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Mon, 1 Apr 2024 22:56:04 +0200
Message-Id: <20240401205607.9093-3-michael@niedermayer.cc>
In-Reply-To: <20240401205607.9093-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 3/6] tools/target_dec_fuzzer: Adjust threshold for RV30

Fixes: Timeout
Fixes: 67530/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RV30_fuzzer-6635676118351872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- tools/target_dec_fuzzer.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c index a6e6b2f27f7..e7633c6ad8f 100644 --- a/tools/target_dec_fuzzer.c +++ b/tools/target_dec_fuzzer.c
@@ -279,6 +279,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { case AV_CODEC_ID_RSCC: maxpixels /= 256; break; case AV_CODEC_ID_RASC: maxpixels /= 16; break; case AV_CODEC_ID_RTV1: maxpixels /= 16; break; + case AV_CODEC_ID_RV30: maxpixels /= 16; break; case AV_CODEC_ID_SANM: maxpixels /= 16; break; case AV_CODEC_ID_SCPR: maxpixels /= 32; break; case AV_CODEC_ID_SCREENPRESSO:maxpixels /= 64; break;

From patchwork Mon Apr 1 20:56:05 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 47705
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Mon, 1 Apr 2024 22:56:05 +0200
Message-Id: <20240401205607.9093-4-michael@niedermayer.cc>
In-Reply-To: <20240401205607.9093-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 4/6] avformat/demux_utils: Avoid leaking the packet in ff_add_attached_pic()

Fixes: memleak
Fixes: 67714/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5671570999476224
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavformat/demux_utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/demux_utils.c b/libavformat/demux_utils.c index 86f551245be..96e6e20d1ec 100644 --- a/libavformat/demux_utils.c +++ b/libavformat/demux_utils.c
@@ -123,9 +123,9 @@ int ff_add_attached_pic(AVFormatContext *s, AVStream *st0, AVIOContext *pb, if (!st && !(st = avformat_new_stream(s, NULL))) return AVERROR(ENOMEM); pkt = &st->attached_pic; + av_packet_unref(pkt); if (buf) { av_assert1(*buf); - av_packet_unref(pkt); pkt->buf = *buf; pkt->data = (*buf)->data; pkt->size = (*buf)->size - AV_INPUT_BUFFER_PADDING_SIZE;

From patchwork Mon Apr 1 20:56:06 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 47706
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Mon, 1 Apr 2024 22:56:06 +0200
Message-Id: <20240401205607.9093-5-michael@niedermayer.cc>
In-Reply-To: <20240401205607.9093-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 5/6] avcodec/hevc_ps: --typo

Fixes: null pointer dereference
Fixes: 67737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4858162608930816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavcodec/hevc_ps.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index 38b3721a6d5..25f087ed754 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c
@@ -460,7 +460,7 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb, AVCodecContext *avctx, int ret = AVERROR_INVALIDDATA; HEVCVPS *vps; - if (ps->pps_list[vps_id]) { + if (ps->vps_list[vps_id]) { const HEVCVPS *vps1 = ps->vps_list[vps_id]; if (vps1->data_size == nal_size && !memcmp(vps1->data, gb->buffer, vps1->data_size))

From patchwork Mon Apr 1 20:56:07 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 47707
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Mon, 1 Apr 2024 22:56:07 +0200
Message-Id: <20240401205607.9093-6-michael@niedermayer.cc>
In-Reply-To: <20240401205607.9093-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 6/6] avcodec/apedec: Use NABS to avoid undefined negation

Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself
Fixes: 67738/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5444313212321792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavcodec/apedec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index 86b79182a73..d75a85f4664 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c
@@ -1287,7 +1287,7 @@ static void predictor_decode_stereo_3950(APEContext *ctx, int count) int32_t left = a1 - (unsigned)(a0 / 2); int32_t right = left + (unsigned)a0; - if (FFMAX(FFABS(left), FFABS(right)) > (1<<23)) { + if (FFMIN(FFNABS(left), FFNABS(right)) < -(1<<23)) { ctx->interim_mode = !interim_mode; av_log(ctx->avctx, AV_LOG_VERBOSE, "Interim mode: %d\n", ctx->interim_mode); break;
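
Review bot: the added av_channel_layout_uninit(&st->codecpar->ch_layout) call in the libavformat/isom.c hunk of [PATCH 1/6] is justified only by "Fixes: memleak"; the message should say what the layout held when ff_mp4_read_dec_config_descr() was reached (the testcase comes from the CAF demuxer fuzzer, so the layout was presumably filled before this function ran). The two context lines that follow assign ch_layout.order and ch_layout.nb_channels directly, so any other site that overwrites those fields the same way without an uninit first would leak in the same manner; worth a grep before this is merged.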
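
Review bot: in the libavformat/mov.c hunk of [PATCH 2/6], the new `if (!grid->tile_item_list[i])` branch returns AVERROR_INVALIDDATA without an av_log() call, so someone debugging a rejected HEIF file gets no hint which tile reference was missing; add an error message that names i. The check also runs inside the loop, after earlier iterations have already read offset fields from s->pb and written tile_grid->offsets[]; that is fine only if the fail label discards tile_grid, which the hunk does not show, so please confirm it.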
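
Review bot: the divisor 16 on the added AV_CODEC_ID_RV30 line in the tools/target_dec_fuzzer.c hunk of [PATCH 3/6] is unexplained. Lowering maxpixels stops the fuzzer from reporting the timeout but does not change what the decoder costs on the same input, so the commit message should state that the slowness in testcase 67530 was judged inherent to RV30 decoding rather than a loop that needs a bound, and why 16 (the value the neighbouring RTV1 and SANM entries use) is enough.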
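
Review bot: in the libavformat/demux_utils.c hunk of [PATCH 4/6], hoisting av_packet_unref(pkt) above `if (buf)` makes it run on the non-buf path as well, and that path is not visible in the hunk. Please confirm that it fully reinitialises pkt afterwards and reads nothing the unref has just reset, and add a one-line comment that the stream passed in as st0 can apparently arrive with attached_pic already populated, since that is the only reason a packet this function is about to fill needs an unref at all.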
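
Review bot: the subject "--typo" on [PATCH 5/6] hides a real fix: in the libavcodec/hevc_ps.c hunk the removed condition tested ps->pps_list[vps_id] and the next line then dereferenced ps->vps_list[vps_id] as vps1, which is the null pointer dereference listed under Fixes. A subject that names the wrong list in ff_hevc_decode_nal_vps() would make the change findable when backporting; the code change itself looks right, since the guard now tests the same pointer that vps1->data_size reads.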
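
Review bot: the rewritten condition in the libavcodec/apedec.c hunk of [PATCH 6/6], `FFMIN(FFNABS(left), FFNABS(right)) < -(1<<23)`, needs a short comment saying the negative absolute value is deliberate. It tests the same thing as the removed FFMAX/FFABS form for every input except -2147483648, where FFABS negates a value that has no positive int32_t counterpart (the undefined behaviour quoted in the commit message); without a comment the line invites being simplified back to the old form.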