From patchwork Sun Sep 22 21:56:36 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 51705
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a59:d154:0:b0:48e:c0f8:d0de with SMTP id bt20csp2134670vqb;
        Sun, 22 Sep 2024 14:56:57 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCVT78g2Gm5oyNvhZ6OlnVDDuw4RIs5GHFnetBkr/RdeHG/S0i4RaGrhAOyKPag7SBPHBYHz2k6tcXAxfSi38HUu@gmail.com
X-Google-Smtp-Source: 
 AGHT+IF0Y1OghR8XDhXPCz0c7mu/iBbbY3O6tMF57s9Rsi3k9nzD9MlVC5pjGUGyfBrc7hYOXBHw
X-Received: by 2002:a17:907:f74e:b0:a86:9c41:cfc1 with SMTP id
 a640c23a62f3a-a90d4fe01e1mr940283666b.8.1727042217402;
        Sun, 22 Sep 2024 14:56:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1727042217; cv=none;
        d=google.com; s=arc-20240605;
        b=DQiuVKwaLePh0Ghn+QIEJVth+puWzwfd04NYxVfrubG8RHKsoSmoj49xvRcIvwTbM6
         TvHr8aeJkIwUAcfbG2wIhqTmXHv53SRlD4DuY/1Ry/1IMP8FIL+qx8J8GQEXnp3LCo7T
         ri71xt5qAPvIImf5zZxJucFi+5H9dlo1mCu7Ip0z1lbhzBY4awa0EeRS6q6on4NitBt0
         giMQOREmcktJY1z3uemLdqb3EgtOb5INlD/bVuYZL2EzYmz9nBGDYDAiKY3YZPlwSH48
         XK8Lybxrof/UgSl4gL0tFVw231xrjMXhjMh63GppLJSsh7yh+/rAAeTF+wh8YWX7RfqU
         d/cw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:message-id:date:to:from
         :dkim-signature:delivered-to;
        bh=Z4ZVjeFTp2uBJf35y+nxYxctnKrx6oFlp6xYVO0fQVg=;
        fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=;
        b=e5R1Po1gPIF2AoVvGd3WxaVVn6NBDgcHyA1x7+Fc+N/CMnAJYpo2NRBzacz6HOffIc
         ie1aHPankvPPKyqYzWn1DQbQBYDs+9vSU6UhFJ2xfrKaCIzfTkSV3rJfXhqtcd6Tg8tD
         ediA9hL+Wv89gRdm57kZ8KWIgslpES/m73FxiqJT4KRBb9pjOIT3Du/eVgCJYybRfrqF
         5Vf0+Rn9ZIvO3OjGhTWhViEi5jci0H7KltrzxKlMRcLuazjNQqe+xPsmkCBG654Bnw5g
         UhL/A2DXzXLDXP5VAviEFaLwQM3oKgbIyvYWX9VZ7USHtC6NNzcMl05cmeUJEulTm8pv
         eqQw==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b="YM/Ue1c9";
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 a640c23a62f3a-a90612cc410si1232067066b.424.2024.09.22.14.56.56;
        Sun, 22 Sep 2024 14:56:57 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b="YM/Ue1c9";
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 436FD68DB03;
	Mon, 23 Sep 2024 00:56:54 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay4-d.mail.gandi.net (relay4-d.mail.gandi.net
 [217.70.183.196])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 75CD468D9C1
 for <ffmpeg-devel@ffmpeg.org>; Mon, 23 Sep 2024 00:56:47 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id 7AB91E0002
 for <ffmpeg-devel@ffmpeg.org>; Sun, 22 Sep 2024 21:56:46 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
 s=gm1; t=1727042206;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=gDWTjZ7ESfT9pvdAJFTd1t0NyNwoKLGu+TxiZvJ3vks=;
 b=YM/Ue1c9+9FxN88f+VJY8ZGlQQ6ZTWFPtQbv7ej/BQtyIPW1eAAhsLGrE8uxLFz1nfZbtk
 XNBYxHCCL4UdgevYhTmFN+oe20L5jK235SeBe7YN8OJdLV5O8OIxkwra/2bVsvQpyp9isw
 o2+PGxZtrl3dFnZWIkPFpplAWiSfNLz2NwlZwrdXfD8kObKL6qs9iZWGnXbXrdensHFhmr
 iasBw3QQnaNy1VcWCPvbOmN47Igv/tOoSJvh+kT8ZEA1PwlUf7q5cgryDJyKrgAvY5zH+p
 gJ4cguC8ehOKTZl23mtUQYaf8SvB8oQmfX87T9PTCcoIwWuG2NgQr1GMZPizjA==
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sun, 22 Sep 2024 23:56:36 +0200
Message-ID: <20240922215645.1182935-1-michael@niedermayer.cc>
X-Mailer: git-send-email 2.46.1
MIME-Version: 1.0
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 01/10] tools/target_dec_fuzzer: Add threshold
 for SRGC
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: /EfnuoTy1uYs

Fixes: Timeout
Fixes: 71234/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SRGC_fuzzer-5098445864501248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 tools/target_dec_fuzzer.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 81ee4ef1a4e..432e9488168 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -296,6 +296,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     case AV_CODEC_ID_SMACKAUDIO:  maxsamples /= 4096;  break;
     case AV_CODEC_ID_SMACKVIDEO:  maxpixels  /= 64;    break;
     case AV_CODEC_ID_SNOW:        maxpixels  /= 128;   break;
+    case AV_CODEC_ID_SRGC:        maxpixels  /= 128;   break;
     case AV_CODEC_ID_TARGA:       maxpixels  /= 128;   break;
     case AV_CODEC_ID_TAK:         maxsamples /= 1024;  break;
     case AV_CODEC_ID_TGV:         maxpixels  /= 32;    break;

From patchwork Sun Sep 22 21:56:37 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 51706
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a59:d154:0:b0:48e:c0f8:d0de with SMTP id bt20csp2134711vqb;
        Sun, 22 Sep 2024 14:57:07 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCXdOXw2hbvWccnt7ZcrWv4XeqDlL5dfeKm5DiLkVc5G29wX7FfwDtgf5w2u4KS8QJ9rsL6VAD7y1XIISqS2Oh/d@gmail.com
X-Google-Smtp-Source: 
 AGHT+IENdln37DyttXR27FmvJgovfdyel3dsHXifvOxlfaAzkjpz0nqt8suXlqR+NWfUjA05TXb/
X-Received: by 2002:a17:907:3f19:b0:a8b:6ee7:ba26 with SMTP id
 a640c23a62f3a-a90d4fdc04amr1018615266b.1.1727042227426;
        Sun, 22 Sep 2024 14:57:07 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1727042227; cv=none;
        d=google.com; s=arc-20240605;
        b=YdY/jHHgtJyw7fLMsPbn0icgYgPb5ywvcWyju5C71ON3Mn4qVASIipJwfJ+gZA6AVd
         Tg2SjfbC9bBYEZCbJD92thqkJwiGerEzMUNy+etEkm08M8LP0HiZWphokSrbGi/QyEDQ
         /LfdABo35VsccpWs7T5WgsWEbnucTsS8cnrOS/dpyXmQkDRpMr34BmkcEVzShT7N4vdw
         fNszSlgvN+Ed2Wy4VwcqRzVJ+LV5b4rQg0Yfpnkz4WLCzJz2BJbuotOyZqFN5rEjO0um
         4PCjS6IqEX3/Y4BnWCeEHQCyABYGXYwqjrIm5vo6EqXmDQo0QOdtkDYAsUXZvyiHWRMl
         /4Yw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=sender:errors-to:content-transfer-encoding:cc:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:mime-version:references:in-reply-to
         :message-id:date:to:from:dkim-signature:delivered-to;
        bh=uHt3LzA25j8URQ6tPW8jtZxUSNsqolr91JPfVn0+i50=;
        fh=7v7P+4NId3m0D9NIcOFr1zjlak+6ugFjknTktdVaHyI=;
        b=DjXSaeFTHkUikUHVMmI1OznPEV7UHulCdFm0Yb/wZBCQJftWqTIsqGLiNM7ddmkcfO
         Y4hTUgMq1HOhtGAUc928ZiBTe70VtJCr43On/DBO4YQcmQQw6kT1xTgWeGOFlP/Z6FBi
         rbOK+RLN0PaSw2+Ngv2sJoFh2fCWTNEhYZwLzrxgd+l/iLmW7AI+VKPr2KToA2QIAPIh
         OjSg2Px5M2vmCFB/4A/sz4AeJf2/zLBa++qiH7qmy+zeI2QVK39y5kq24SfkrvKMfiYc
         s2yno2BykEUYY4DG/8WxYHqFPSF9jpS/CJoh3f4WMA0BXuPNy0luS2mGNhcMhTeE6h14
         X+Cg==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b="C5fa/Nz1";
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 4fb4d7f45d1cf-5c42bcae58dsi13378084a12.612.2024.09.22.14.57.06;
        Sun, 22 Sep 2024 14:57:07 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b="C5fa/Nz1";
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 667E268DB14;
	Mon, 23 Sep 2024 00:56:55 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net
 [217.70.183.201])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 45B4C68D9C1
 for <ffmpeg-devel@ffmpeg.org>; Mon, 23 Sep 2024 00:56:48 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id 653A41BF203;
 Sun, 22 Sep 2024 21:56:47 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
 s=gm1; t=1727042207;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=gDQ5z5iIb9fGXcZ4r17CYJQWtwIAcWmLCptKFMG4ZWE=;
 b=C5fa/Nz1aWzp9QmwWlBkmixLJQEEJX6XZky+f1zj61r5Gvwd5Kb+gFOW5JeZbb6yEGVae8
 Ydun7Xy0tDHQJRUfrz2RPnKUngG0wBHQLBLYLwExYHs/mixKtLroY3DEp5UZfTxGektDSQ
 55c76DFkS+f8MAK2zqZ4rm1DdLo/bHE881KVKfGJKDXfkkq+VmYampZueHX/Gp7nl6gVIX
 g6H91u8SE3p0JlWjqZ8GZY/fhOFp8bp8pmhx8SRz0l3hyIvyHXGzXehOvWYFLIXhTcMD6F
 F8wqnY5MtuwVv1Lg5CNt4YRzU1nkfxfuGNiLJwTsGa8bk2wkE2Zcujdu+b1i/w==
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sun, 22 Sep 2024 23:56:37 +0200
Message-ID: <20240922215645.1182935-2-michael@niedermayer.cc>
X-Mailer: git-send-email 2.46.1
In-Reply-To: <20240922215645.1182935-1-michael@niedermayer.cc>
References: <20240922215645.1182935-1-michael@niedermayer.cc>
MIME-Version: 1.0
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 02/10] MAINTAINERS: aacdec seems unmaintained,
 aacdec_usac seems maintained by Lynne
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Lynne <dev@lynne.ee>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: nan3KzNAK9yQ

CC: Lynne <dev@lynne.ee>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 MAINTAINERS | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 5b6fbfdc48d..882ecae1d32 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -146,6 +146,8 @@ Codecs:
   4xm.c                             [2] Michael Niedermayer
   8bps.c                                Roberto Togni
   8svx.c                                Jaikrishnan Menon
+  aacdec*                           [0]
+  aacdec_usac*                          Lynne
   aacenc*, aaccoder.c                   Rostislav Pehlivanov
   adpcm.c                               Zane van Iperen
   alacenc.c                             Jaikrishnan Menon

From patchwork Sun Sep 22 21:56:38 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 51707
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a59:d154:0:b0:48e:c0f8:d0de with SMTP id bt20csp2134733vqb;
        Sun, 22 Sep 2024 14:57:17 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCUIoL/4VDB8KQE9T5dEF6CqECS2ztUoyk7quD9vvhYBb0MJX5fP3caTztNL3dAxZJTtKzZOn+EOGsKQlv3eMWQB@gmail.com
X-Google-Smtp-Source: 
 AGHT+IHps5F1MDi+L4ZiIid8RnYNG37KbHD3Nn2b3IKbaOUTMDMB73MUqPh49cQq/gDWrs2xd37s
X-Received: by 2002:a05:6402:3548:b0:5be:ee30:9948 with SMTP id
 4fb4d7f45d1cf-5c464a3e20fmr7333371a12.8.1727042236808;
        Sun, 22 Sep 2024 14:57:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1727042236; cv=none;
        d=google.com; s=arc-20240605;
        b=gOj1giSXDXR5tDnVzh7VDe1HZfmgF2r5AuNjuD5pRoqEpbhrdgy9R9zfBnUqBOqfRP
         z+2RNgWFNsw6GyA6Cgu8x2CwWrljQAEyolorG/fYdvtrlpWjIcq1gTKWGtaD78l1BNlU
         2r8ou1C2NSeUqKd79fOnQ1fgXFPhnmhMRPF1IXPCUnKBuNpZNai3FtdBrqKQYFMblE+s
         gfEfD3gHNFoXftqpwzjWj9nAC8n0DnBY0pEtufH0XSTNfBf4J/XJyIdbMZJgy3oj6uiV
         7MAowB1HDtkUqnW9vtUsLVvVdwUz9U611xdmffAgSQZ7NyhQa3LjZLHbo9e2i+aiVYQY
         ULAA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:references:in-reply-to:message-id
         :date:to:from:dkim-signature:delivered-to;
        bh=oXxSaEsaKjKYG0XLMq2N7j5aqOw641JBmnVPC1pa7MM=;
        fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=;
        b=JRu/iI2LLc9GlIywlogQMQ0dm0c/JejsU+LqUbCcBVDVgVxNFtmvn4+QmoqSFd0G0V
         mE3M72Ewo+HlCBP0hyGbYRdJHquweCfOnOhUvb/W/5l46p/lzFsuUIxmX6t569LgMVgh
         E/JtGQNoAtvLl8aVLJF6kRG/bsHPVnW/ZbwTYNO1gF8q1rTmqXbY2AbBuxEc9jt0R4IZ
         HgW9dtJ0+Ysnxljlx+vAuJrmZfJGfc4Hjs62F6TZwLy4D+4qoC7fWIsf8yFFJwseaa5N
         c4KhMxj8ftzBu097E+Qx9KnvQ2qJGwF8aDS8yTNOQqjClC5kPC4g3S9kvZ9j4WST1YXx
         gpYA==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=mzTv5JHC;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 4fb4d7f45d1cf-5c42bb5b7eesi12187056a12.165.2024.09.22.14.57.16;
        Sun, 22 Sep 2024 14:57:16 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=mzTv5JHC;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 9217F68DB2F;
	Mon, 23 Sep 2024 00:56:56 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay2-d.mail.gandi.net (relay2-d.mail.gandi.net
 [217.70.183.194])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 6122B68DB05
 for <ffmpeg-devel@ffmpeg.org>; Mon, 23 Sep 2024 00:56:49 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id B524440003
 for <ffmpeg-devel@ffmpeg.org>; Sun, 22 Sep 2024 21:56:48 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
 s=gm1; t=1727042208;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=2u51omMTiw9Owo8bbYKO5sQzStk/Kfa6QYFK0Om34vw=;
 b=mzTv5JHC4ulbhSxIEUce50qJQZr1NMCgW2rq0ea6g7bntOAHsZXv4EPtg7TRDO5hiGEUFq
 O2EuqQ+j2HKplQeIUvcOMitvHP9W4ubUlMvQ3RVrDomsV07E3EifmqjV+CcWaWcn1NoZF6
 sH7AqKS/GJIwbDDudlqPtscvECF2xOI8OGpP0mcIdIV/v/dsyZL8Ip61f6XZkIxz9RP9GX
 1aQWUxDyRzu4iKal5HsmhWY7BhKQ2wgsGt3x2gVd86bDEi9xkamgwnkb4JVqyxQHWBj0SF
 k7QALRlTdMHLNgrbrcS58i5YeP+zLp3ZV+8zENxrzd82eYsiZ3sVUTGXDC5Pgw==
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sun, 22 Sep 2024 23:56:38 +0200
Message-ID: <20240922215645.1182935-3-michael@niedermayer.cc>
X-Mailer: git-send-email 2.46.1
In-Reply-To: <20240922215645.1182935-1-michael@niedermayer.cc>
References: <20240922215645.1182935-1-michael@niedermayer.cc>
MIME-Version: 1.0
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 03/10] tools/target_swr_fuzzer: Limit the
 number of samples
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: verxPO4YAc3H

Fixes: OOM and Timeout
Fixes: 71254/clusterfuzz-testcase-minimized-ffmpeg_SWR_fuzzer-5941896977907712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 tools/target_swr_fuzzer.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tools/target_swr_fuzzer.c b/tools/target_swr_fuzzer.c
index b6cdb72a560..9192d4bed50 100644
--- a/tools/target_swr_fuzzer.c
+++ b/tools/target_swr_fuzzer.c
@@ -129,6 +129,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
      in_sample_nb = size / (in_ch_count * av_get_bytes_per_sample(in_sample_fmt));
     out_sample_nb = out_sample_nb % (av_rescale(in_sample_nb, 2*out_sample_rate, in_sample_rate) + 1);
 
+    if (in_sample_nb > 1000*1000 || out_sample_nb > 1000*1000)
+        goto end;
+
     out_data = av_malloc(out_sample_nb * out_ch_count * av_get_bytes_per_sample(out_sample_fmt));
     if (!out_data)
         goto end;

From patchwork Sun Sep 22 21:56:39 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 51708
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a59:d154:0:b0:48e:c0f8:d0de with SMTP id bt20csp2134765vqb;
        Sun, 22 Sep 2024 14:57:27 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCWDaLy0QfjTw9/qsrgNKDswMnWR0NIlXT1aiMkuMEqIBLVod796w8rigGkDJlfuMaH0jfTgnJothS9WJUy0Vml6@gmail.com
X-Google-Smtp-Source: 
 AGHT+IHRomwPvZ2TzInuKdnAFPSXwVmkclq2xdDTO81cguC4VqeCMEidK6DE4IyZXZI7+LWznsQm
X-Received: by 2002:a05:651c:2228:b0:2ef:2ce0:6ac with SMTP id
 38308e7fff4ca-2f7cc37560dmr43058811fa.22.1727042247349;
        Sun, 22 Sep 2024 14:57:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1727042247; cv=none;
        d=google.com; s=arc-20240605;
        b=DwIuQtwuHYy0gf8XdqmkeYZIncGGG/9jJLkpQzfJX37456UMxLImlzz3/ko1jUoE7N
         CUHQWVQNQTePzjapwv9oG1/48wbRlMc7M2XL77V+y+FEOud312ZI4e1emVvSP45CWn+b
         /v+WV0N3nFyQjpHhwKPl2bW6bzgk4R50jKRj45DjtnQzGzd30rIn0jTA22gqJG31j7td
         2vgL0myBeqkqB/3wweeNUPbfMMD6c0R8l7tBy0yZg6iZr6lBf9+fo+YbkpmHYG6HyleS
         omrP+2vCCjFFprVlFPaMO+vYKyqZq5vNrU7e20uJJeAkXX/p0b0KhiAnYN5GJ9sBaeQJ
         LLdA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:references:in-reply-to:message-id
         :date:to:from:dkim-signature:delivered-to;
        bh=sobIwL0/sOy93pBdIXf+0Fp0jm1e6zaBfGLADb6VUN4=;
        fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=;
        b=eBpBP3HVM684eO18AlKKV7oEYwQJSEX7JheX3ldao+cJC+jb/YBONmcKgq14398ROV
         Mwk/nY+kL2/VydMkcLDKY/qwdPFNh1mNo/8sW9sW5ZWfk2k2flhhp/XA5YogGlm0Lq3M
         DXaVuP3fcfmN7zNPoRppeh886+3+L6Zv2pbMlR8txdOT671kMZqRnnOOu7DT9/YjTn3s
         1NzV7Kf4DAiKKzNhLNc/XDZ7cezY/EgnnrM6PtM9Wq29a+MHkILkWfSLSPLAy6VEFKtU
         fT3+rVCf6z1BFUv8v8OfQIhYFlR3Rk/O4LTWu2RUyHNH0487UvY5PhBTVC6R9fAdZXij
         FuDw==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=lECBo16+;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 38308e7fff4ca-2f79d35e645si52696861fa.252.2024.09.22.14.57.26;
        Sun, 22 Sep 2024 14:57:27 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=lECBo16+;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 8C78868DB68;
	Mon, 23 Sep 2024 00:56:57 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net
 [217.70.183.195])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 3DEC568DAF3
 for <ffmpeg-devel@ffmpeg.org>; Mon, 23 Sep 2024 00:56:50 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id 8EA4F60002
 for <ffmpeg-devel@ffmpeg.org>; Sun, 22 Sep 2024 21:56:49 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
 s=gm1; t=1727042209;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=7/MbdiebyADe6XfR6unSldP0yV+z7Y8iRww7ToxFMRE=;
 b=lECBo16+AAQ9uRpTvaCp0ZNnrosRYoV2m40ynLiYRzPaDJpaElJqgVSQiCX7MCa7Ywz1M5
 iLbhfCcFgQzaErqoBxVZYrh4MOCOzbVwD10nDmoSuTQkXzaBtAWAl49djSXLaMaATPSfx0
 FWAn4WHEn5vvuoHIEl7CFsAUJqSYYU7nshpf75tpbQlFohhXGxs0Nzg/EUzUOiLCNdo3pN
 Nhp7LIZ7JoKefm4u4Vt2V20j+Rrvt2DM060JQJnknbi71TmgQRFFYNPSWSCYCTaGlQNMIq
 v+CckCPpoM54DWoUiflm3HZ3jKeP1wwiKPSpvLLvReEgFOULh5WrGkyqY6Gz4g==
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sun, 22 Sep 2024 23:56:39 +0200
Message-ID: <20240922215645.1182935-4-michael@niedermayer.cc>
X-Mailer: git-send-email 2.46.1
In-Reply-To: <20240922215645.1182935-1-michael@niedermayer.cc>
References: <20240922215645.1182935-1-michael@niedermayer.cc>
MIME-Version: 1.0
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 04/10] avcodec/svq3: Check for minimum size
 input
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: Jpav395DjC4p

Fixes: Timeout
Fixes: 71295/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ3_fuzzer-4999941125111808

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/svq3.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c
index ce4c58e14fb..f730358e2f9 100644
--- a/libavcodec/svq3.c
+++ b/libavcodec/svq3.c
@@ -1400,6 +1400,9 @@ static int svq3_decode_frame(AVCodecContext *avctx, AVFrame *rframe,
     if (svq3_decode_slice_header(avctx))
         return -1;
 
+    if (avpkt->size < s->mb_width * s->mb_height / 8)
+        return AVERROR_INVALIDDATA;
+
     s->pict_type = s->slice_type;
 
     if (s->pict_type != AV_PICTURE_TYPE_B)

From patchwork Sun Sep 22 21:56:40 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 51713
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a59:d154:0:b0:48e:c0f8:d0de with SMTP id bt20csp2142517vqb;
        Sun, 22 Sep 2024 15:24:16 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCXrGjxN+6ycroSBR5oruX4k3wbGCcOXu+ybr94yrBbWfe3pgHrR8fwZna8ntXd5i8sbhz49Ed3AH/Y9NoMjWmeI@gmail.com
X-Google-Smtp-Source: 
 AGHT+IH3CBJEL6pXjeZrT57tDVGd/xlNi25xJ+NR42JcJy45NJlXF5R6eMa/vot2bP/qZlXn1H1j
X-Received: by 2002:a05:6402:2481:b0:5bf:50:266b with SMTP id
 4fb4d7f45d1cf-5c464a43d0cmr8457232a12.19.1727043855837;
        Sun, 22 Sep 2024 15:24:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1727043855; cv=none;
        d=google.com; s=arc-20240605;
        b=GSUJj9h55mW9+2sWer5RFRR47H2Yvh5/TN1MEgvH5V+ERRp2qgn000bycS+fuimnvU
         eDGt8JDLwWqgc6eZZ2eUeJwA9aFOj0Ee8vhAhimDRtItwHH28q07QeTNL0hMTb+JaZwv
         59LqTk7HT/jHD1KBIUVMsR2QIMeILpUfXXKJplHTRv8jPlxdHX6zsloTz+IkEJcinnhp
         M0wPJ0rS08IBsT+kiMRvqc1qOtlbPubnQqaWkGKtRXA0FzYDOlV/c3p9p0sMt5mJuc+V
         PQ1SFwJB96g8MgHrKpwAJVI1RM8KK3YPZBJgxoU9fvhuAUNyJmnsOWE9OIPqZRhpD9Bp
         sbvA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:references:in-reply-to:message-id
         :date:to:from:dkim-signature:delivered-to;
        bh=SXDVEYeXCHtuD+wUqHjwwpbPZisHzIr5+Jd2lJw4aw4=;
        fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=;
        b=ZHtJ30bf4Jl1z9Q+pFMRnoZxjU1SynFUY7glCBZkWB/i6uvvkTc9M7xjWu3fn4KudV
         ueTnC0uWW/i5LPf6QGux3aFUhUxLrTCCaHPIbyHjBn15aln8dpK3rNyVgDLJu/VBgdbI
         tpUHOql9qsjy10wSZv7ZjtQHynumVeCEs8l91vvQMdZEghMIdoVGS+4GIfFeZhjrnbV4
         /7Y1wSpQ27F29yte03VEJ2R/Hf+HKqkKPssL22Cu0czYSDH/kS9Uk+Kb4C7cme9NpBJ8
         ZesN8576WTWqT8lZUWcVU5LuisNKqpRK+EC4JU0M/E22AUuWwzJB6QtgZdiImzIycbbY
         CMiw==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=I1I2Hpv8;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 4fb4d7f45d1cf-5c42bcae36fsi12583364a12.586.2024.09.22.15.24.15;
        Sun, 22 Sep 2024 15:24:15 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=I1I2Hpv8;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id BC9EF68DB99;
	Mon, 23 Sep 2024 00:56:59 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay9-d.mail.gandi.net (relay9-d.mail.gandi.net
 [217.70.183.199])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 4F6D968DB2F
 for <ffmpeg-devel@ffmpeg.org>; Mon, 23 Sep 2024 00:56:51 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id 89AF4FF803
 for <ffmpeg-devel@ffmpeg.org>; Sun, 22 Sep 2024 21:56:50 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
 s=gm1; t=1727042210;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=DPuDWlwcovXRV55rCmWjZMomCWe28HFpvcVpbISOJVc=;
 b=I1I2Hpv8gyIAExE4+3l4UyDeSrEyOges1gB7JXpV+0tlwRhRO7qTwKG7llkb8Zta750oXq
 3zCRTmkuWeyX5rSkZUYzAj12RAaLfiIz7/EBbSUdSoDbl7gC99HcqtqUK7ZNPuwkmB8m9r
 ohORQA+f0ACu8uDoDBmEKaSPTUZaN1Oeq/ORaO0DOCNkqrpHtMhYpKstMu2TdXipqrVmkE
 HyxtCHc7NpOvxlKulyrQsrzuzXdG8TN6K6rgDUosd0WYsALAZybRAHCz/ZAq8NRaBbWHNd
 dFKn3Ri1dcAtHzQVO2s487TiioFXnsReB2zBjb1oGir1ivEcTMOEM47RTWeNMw==
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sun, 22 Sep 2024 23:56:40 +0200
Message-ID: <20240922215645.1182935-5-michael@niedermayer.cc>
X-Mailer: git-send-email 2.46.1
In-Reply-To: <20240922215645.1182935-1-michael@niedermayer.cc>
References: <20240922215645.1182935-1-michael@niedermayer.cc>
MIME-Version: 1.0
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 05/10] avcodec/vvc/thread: Check frame to be
 non NULL
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: nuFOL9m0XrMb

Fixes: NULL pointer dereference
Fixes: 71303/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VVC_fuzzer-4875859050168320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/vvc/thread.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavcodec/vvc/thread.c b/libavcodec/vvc/thread.c
index 86a7753c6a4..2bf9adc462e 100644
--- a/libavcodec/vvc/thread.c
+++ b/libavcodec/vvc/thread.c
@@ -837,7 +837,8 @@ int ff_vvc_frame_wait(VVCContext *s, VVCFrameContext *fc)
         ff_cond_wait(&ft->cond, &ft->lock);
 
     ff_mutex_unlock(&ft->lock);
-    ff_vvc_report_frame_finished(fc->ref);
+    if (fc->ref)
+        ff_vvc_report_frame_finished(fc->ref);
 
 #ifdef VVC_THREAD_DEBUG
     av_log(s->avctx, AV_LOG_DEBUG, "frame %5d done\r\n", (int)fc->decode_order);

From patchwork Sun Sep 22 21:56:41 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 51709
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a59:d154:0:b0:48e:c0f8:d0de with SMTP id bt20csp2134833vqb;
        Sun, 22 Sep 2024 14:57:46 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCVgLEm1rdTTUq6NX3vWQ8r4kuzC7SbWzcJ9EcnOIn1BSkBvsQguFY3q1whZ9by8Wm+6LwCaVpr7yCGas/alY25b@gmail.com
X-Google-Smtp-Source: 
 AGHT+IHqsO8axFYAqamC84gLKkQsA0nWGxp/A+9kLbAMTNjXebxmZLOvAp/2ULZ8jM7UqPLjzi0p
X-Received: by 2002:a05:6402:1ec1:b0:5c5:ae24:4616 with SMTP id
 4fb4d7f45d1cf-5c5ae24471amr6297882a12.22.1727042266502;
        Sun, 22 Sep 2024 14:57:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1727042266; cv=none;
        d=google.com; s=arc-20240605;
        b=MAN4PrUsCtdTf9kMvycaBkbqqAIatEZv26iegkyW9DwSyknjfMorNyaLSU7iSWaBON
         b127svYRYtYdodB34FCWiuqbgMcc61WPMc4rw5UkAvJVFtB7C7A9q/E+dy9D8DsV1O5E
         hK77MX3q+rosb2qOOVDawc9zHVDiFtDE+KpOVRX+EIIYvxqslKl1OerTyJQc70R4zkaj
         nTrFldWiVMUg9hg9AK4cTXFzXTWhBg24UMVW+ix+afS9WfEIWEa7x1o6Ugv08r+SGgOk
         yAJFZqFqz3UUT/V/GLE9dm7N3zi10bCfXQtfF3UiU3MFV0EJn1v81AVZURAFvfj2hY5i
         0HFA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:references:in-reply-to:message-id
         :date:to:from:dkim-signature:delivered-to;
        bh=i1MGYd59p+HaOxBeYvpapvKL51dojzl/d+yEBAcoACo=;
        fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=;
        b=fNZz9n5MZGToy1Z7dltCYmDdP+TyjwFoWGP3KDKFhUQV1uDRhfC9fnIiS3lQCY7X5g
         Hth8iqNNfvgcR2qj6UeaGYC+4dfkkthMopnFO9zORDVojFSwZjVK86Y2AMiz2OEoAvfH
         ghw2kWFncFBYKhOcr5uMP3RG5XV2jMG4vA4ruRysiUVICdGb0/CsnUwVpurFEO6LC05X
         EXEsOLW9V39gCWdYieJxM4fNkxWDgmMu6DZ5icj5/NQ6fOFdrKkAUj6Pe0triDYpbmcd
         +78bQORjHy890GxJropAKEZ8CjQQ+i7UKtbj7dwUa/YvplgHg9Kar0nR9p88Wzhn9ERK
         SClA==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=nLMWmAMT;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 4fb4d7f45d1cf-5c42bb5b3bfsi13106735a12.154.2024.09.22.14.57.45;
        Sun, 22 Sep 2024 14:57:46 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=nLMWmAMT;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 4B72B68DB43;
	Mon, 23 Sep 2024 00:57:01 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay6-d.mail.gandi.net (relay6-d.mail.gandi.net
 [217.70.183.198])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 54CC368DB1B
 for <ffmpeg-devel@ffmpeg.org>; Mon, 23 Sep 2024 00:56:52 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id 96219C0002
 for <ffmpeg-devel@ffmpeg.org>; Sun, 22 Sep 2024 21:56:51 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
 s=gm1; t=1727042211;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=pSLUNT6rYcymcL3j+MAWLNVCQjriECspAC9IeGP9psU=;
 b=nLMWmAMTT0G5kJKuB7I96FZxG8mKCjZGbGS0eVv+tPIA7KV19LyW+vTeaZl/Vgr6PjCTiA
 fvkMX/h6RtKjksang8bXEhlwAxQWT6Ui6q+3t4oBHL+beOo66ewD6q/PlDNnpHpdERoyzb
 bqyTkGzJrqWTUSX317uh7YZ6YQs9uh2coVLkSNLDbPh5irXslaIHSc/Ie2KvZtEUNYvo42
 MnV0kT7cd7fZ3JwMHsSSnU9/jNzH7sJCdjKTXeAQJvpbXNnR/0PTSMHfjcbrcUlWmBwjEK
 ho2IQpBRzmmNP2FMB1u3213pnqwtUwFGDwF80IcT4q11lbKFl992wPMJcx98fg==
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sun, 22 Sep 2024 23:56:41 +0200
Message-ID: <20240922215645.1182935-6-michael@niedermayer.cc>
X-Mailer: git-send-email 2.46.1
In-Reply-To: <20240922215645.1182935-1-michael@niedermayer.cc>
References: <20240922215645.1182935-1-michael@niedermayer.cc>
MIME-Version: 1.0
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 06/10] avcodec/imm4: Check input size
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: VLn9w1qH6p2s

Fixes: Timeout
Fixes: 71324/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IMM4_fuzzer-5388489435185152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/imm4.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/imm4.c b/libavcodec/imm4.c
index a6da8fcf95b..573b6148339 100644
--- a/libavcodec/imm4.c
+++ b/libavcodec/imm4.c
@@ -453,6 +453,10 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
     if (ret < 0)
         return ret;
 
+    if (((avctx->width + 15) / 16) * ((avctx->height + 15) / 16) > get_bits_left(gb))
+        return AVERROR_INVALIDDATA;
+
+
     if ((ret = ff_get_buffer(avctx, frame, (frame->flags & AV_FRAME_FLAG_KEY) ? AV_GET_BUFFER_FLAG_REF : 0)) < 0)
         return ret;
 

From patchwork Sun Sep 22 21:56:42 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 51710
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a59:d154:0:b0:48e:c0f8:d0de with SMTP id bt20csp2138738vqb;
        Sun, 22 Sep 2024 15:09:16 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCXsWizoyg0n6YGKh4fga3Ap/3zQ3larZMHSCnkykmj58QU50FQk9+QWyApJNyFgEKxjnax7YZlqwSIlEkXXKUsS@gmail.com
X-Google-Smtp-Source: 
 AGHT+IFkA0KT6G4iyLSzCs9Gn7Kr20awbrpwqzlGHrvv9/bs7X+xUqiN7Qx3tzSSk1To0ZHLlG/O
X-Received: by 2002:a05:6402:35d3:b0:5c3:eb29:5be0 with SMTP id
 4fb4d7f45d1cf-5c464a7d338mr3428468a12.7.1727042956285;
        Sun, 22 Sep 2024 15:09:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1727042956; cv=none;
        d=google.com; s=arc-20240605;
        b=V4LGSUcxLhzVZmnqSIHiPfJdzeJkGaxvPF5yiX9TFoTm/eRgsMHEAKsFZmkORtt8Ij
         QrpI039T/wUSNmP8ZRb4kaslTQAroziNwlh+RkwTyjdM2IWgrv5JM9GPuytBeYrhnLQZ
         ch1wOpU7uJJKuW48bAMWwu7Y5LOrjdu42pd0H2cQGOgKHcvDG5KZAkjfrvpi+vdngaIs
         HUV4KSyDTFiCtS8pjRiyoIENaym+FH2nOBmQQLNmBeBFI/e2RGpbp00I8nwSJx5Qx/jM
         ueof5v+omgLIcBLBpJHjlLuKrIkDxzzsM+OhryvcEHqZLjwENlJhrg3eseia+7QSxv8V
         /tCQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:references:in-reply-to:message-id
         :date:to:from:dkim-signature:delivered-to;
        bh=vnTW2KD6nzAAACj8tQrwyuld1EA172g8OfAmV/vx/KQ=;
        fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=;
        b=GkZLiDXGvtlYTpSoTaFcLBhTkysl/gm1A+BsccMkvHLwtn9/jaaKFFai4Ies/XbsKW
         dk7DrrGfVL2Zig3MFZIQSRf08pj+Wh+HimMMSX6YvhfdiC12qLI9+5WxLFMzZBaq+JOY
         Z3UQBYIZ/lSZE/TJNpyYjwlfq310CLAOrUgPtSSjvnLXmm6CDINegkSdKz1XnIWtvjHc
         MmMzDovMVzkAG/FIfCrF1ChWw4MGRM8v0nHAnvQC0V+vyxy5TQtsDKLiJW+GjpZFQnWo
         BKEUVV9vM/9L4fO74a6Vy7xm8cglIeTwymqIqzTf/CiOv3coZLkG+esyu8vJbgLjJBPp
         NcEA==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=obLu8t6X;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 4fb4d7f45d1cf-5c445061f08si9557855a12.633.2024.09.22.15.09.15;
        Sun, 22 Sep 2024 15:09:16 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=obLu8t6X;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 9C0F368DBB5;
	Mon, 23 Sep 2024 00:57:02 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net
 [217.70.183.195])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id EF9D768DB71
 for <ffmpeg-devel@ffmpeg.org>; Mon, 23 Sep 2024 00:56:52 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id 59E9F60004
 for <ffmpeg-devel@ffmpeg.org>; Sun, 22 Sep 2024 21:56:52 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
 s=gm1; t=1727042212;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=PUEuI/YhQPNiZavtXeAvU7g4xoTFhFN60XRaKUJ2pIw=;
 b=obLu8t6XA35wOm9hJaUXyv4MZexeeWcHZSMyvILek/oYii2v3we/ZUycBwTbcne9O28s9s
 WxiLEcF6wCEoPZltnfqFALS1eDOSKj54ylDZyFQ24QMtqq2mwaHPnniY87QuFo11I7wOSw
 QYVkr92HZ8G6J2AMhv7re07jumuYM1hblzRaKWvzNsZGRcmjMMKGDoPatLWW3e1SvJL5t/
 devGA4H4DRnBm9dmKU4mIPCQ8wcNKYokxnYhFY2GYDAJJmDW5o6qw/sHwWPCkfXkYXLH/e
 JeNnULLqCUM5SM86WypfBdimn4QtWY9b+Hhaz+AowXwiYk1xc//oZe86iEz+cg==
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sun, 22 Sep 2024 23:56:42 +0200
Message-ID: <20240922215645.1182935-7-michael@niedermayer.cc>
X-Mailer: git-send-email 2.46.1
In-Reply-To: <20240922215645.1182935-1-michael@niedermayer.cc>
References: <20240922215645.1182935-1-michael@niedermayer.cc>
MIME-Version: 1.0
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 07/10] avcodec/sgirl edec: Check input length
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: Fe0zhhFVUff+

Fixes: Timeout
Fixes: 71712/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGIRLE_fuzzer-5763700835811328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/sgirledec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/sgirledec.c b/libavcodec/sgirledec.c
index 3ce72eccb86..3bd31b73470 100644
--- a/libavcodec/sgirledec.c
+++ b/libavcodec/sgirledec.c
@@ -115,6 +115,9 @@ static int sgirle_decode_frame(AVCodecContext *avctx, AVFrame *frame,
 {
     int ret;
 
+    if (avpkt->size * 192ll / 2 < avctx->width * avctx->height)
+        return AVERROR_INVALIDDATA;
+
     if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
         return ret;
 

From patchwork Sun Sep 22 21:56:43 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 51714
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a59:d154:0:b0:48e:c0f8:d0de with SMTP id bt20csp2142522vqb;
        Sun, 22 Sep 2024 15:24:17 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCVEeqoR6j9aKI0/swTXzwSNbxvc30uttSHFyFBaxY5MDm0sro/1FY8Ro6nYLD+sogNSdfwbeh1IzWc1d63xoRjc@gmail.com
X-Google-Smtp-Source: 
 AGHT+IFWISh4IVQ+4758mH42pekg4NGn9GNq+EjgQNfzqcWpYJtjCmiPtsGaZX20eM52TiSkvjSC
X-Received: by 2002:a17:907:3f9f:b0:a86:9e3f:fdc8 with SMTP id
 a640c23a62f3a-a90d4fe376cmr466484966b.4.1727043856668;
        Sun, 22 Sep 2024 15:24:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1727043856; cv=none;
        d=google.com; s=arc-20240605;
        b=gAbP1QFXXuUlHn+lbkrqDxN62q4B1/HyRHu1f33N+Uoy0h/xNp/svOr7led0PEJT7q
         eycfRtWpO39YYmkYwsP8SEntM5HJWAnjSkIs/gfDnhD06g5gvfL3dIYu6RR+yEskjFTd
         zwS8rWNvpwBSBtF1izU8Wsgr7iGBdN1zCtSUafQhQyEKwMURglSrMfv2B+fK/BgT/+Y9
         mUaeVgBFEx3jgN4GNYb8tgqV/8KlM7EacKpRY0P/wpCJrmu1TP1/mcLa6h8J5G/E/pT6
         Qi8z2++kI5xPBfu8OJSYCep2mgxgBMufB/XKeWHNNtW4k0je479UXBEgNhLHzMDz8r1d
         j/lQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:references:in-reply-to:message-id
         :date:to:from:dkim-signature:delivered-to;
        bh=Iyqx16OP6PL6jD59/nR7wDmOsihKvy1S5456BaWBkuw=;
        fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=;
        b=iMewlS9dmUZXRPUKkUkh4FwsO9tQKD1Bf0F/Q5iSfffQZiyA0kxW2ZER5Q2V3Dx0gf
         ptHlqxbHdg/Lx45WLrcIfDuKPvb8SB0KdiANGUI9cGOLlMdQwYxD93STkeetnHjDKyD0
         dub1d6tJGBKGSqWbi/+ThoStK9Cp5ya3iu0xXFUfu39W+etY2BeeqVQrNwuBsMIn2FTB
         Hmg7ETNXgxVj1pTnBqLZ+WbybpSFG7xBl+nHZkund5fdKbDN4LHoDrEeqKZ6Bhxk91l5
         F+n1f2fONiDGque+hlNjMexK9ou/2ns8bcKEJz8pE1pmEjs9v5TNshaNmW4AlkV40Qwc
         C6jA==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=Ge7mM0Wg;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 a640c23a62f3a-a9061336b5dsi1265045566b.776.2024.09.22.15.24.16;
        Sun, 22 Sep 2024 15:24:16 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=Ge7mM0Wg;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 0185868DBC7;
	Mon, 23 Sep 2024 00:57:04 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net
 [217.70.183.201])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id BB6E268DB79
 for <ffmpeg-devel@ffmpeg.org>; Mon, 23 Sep 2024 00:56:53 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id 28D081BF205
 for <ffmpeg-devel@ffmpeg.org>; Sun, 22 Sep 2024 21:56:52 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
 s=gm1; t=1727042213;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=Df0uBWh33p/kCzopAMA1T7tCS0It+XtUECjGt5JVQM8=;
 b=Ge7mM0Wg3Rv7zIV9XZzeiATjBGDRA9vt75VK2+Pv4CkSJOy57I0v5VaYF6KPWiNajjqTwe
 wYoDKXb7j+T7A/XPHeoAlyahHytQG9p6cFM8N9rxZ5BWDFVYjP/wLglGX9kuWxpBEhxa5P
 NN8rQtnyHXTR2zmTSdTsL7kOwl/t10Yakr5kKysCpDtlG5qQDUn7HzYTBRpuzUZUjFxPiY
 tqR84/N6MEYEqALRj8dXseqgUTJFSiZR/RhD8EcMP1miGEdg/Fj6K9/Uyz9feCkFEfmGkx
 cUb2m4fk7Bw73thdrl2z2cHLqBXYVv3WqzhUfF0k80Yq7Uz49w44C5968m9sFQ==
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sun, 22 Sep 2024 23:56:43 +0200
Message-ID: <20240922215645.1182935-8-michael@niedermayer.cc>
X-Mailer: git-send-email 2.46.1
In-Reply-To: <20240922215645.1182935-1-michael@niedermayer.cc>
References: <20240922215645.1182935-1-michael@niedermayer.cc>
MIME-Version: 1.0
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 08/10] swscale/swscale_unscaled: Fix odd
 height with nv24_to_yuv420p_chroma()
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: OApafpf8r5+Y

Fixes: out of array read
Fixes: 71726/clusterfuzz-testcase-ffmpeg_SWS_fuzzer-5876893532880896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libswscale/swscale_unscaled.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libswscale/swscale_unscaled.c b/libswscale/swscale_unscaled.c
index dc1d5f35932..d403c953cc7 100644
--- a/libswscale/swscale_unscaled.c
+++ b/libswscale/swscale_unscaled.c
@@ -230,6 +230,8 @@ static void nv24_to_yuv420p_chroma(uint8_t *dst1, int dstStride1,
     const uint8_t *src2 = src + srcStride;
     // average 4 pixels into 1 (interleaved U and V)
     for (int y = 0; y < h; y += 2) {
+        if (y + 1 == h)
+            src2 = src1;
         for (int x = 0; x < w; x++) {
             dst1[x] = (src1[4 * x + 0] + src1[4 * x + 2] +
                        src2[4 * x + 0] + src2[4 * x + 2]) >> 2;

From patchwork Sun Sep 22 21:56:44 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 51712
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a59:d154:0:b0:48e:c0f8:d0de with SMTP id bt20csp2138763vqb;
        Sun, 22 Sep 2024 15:09:19 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCUcI5F2WyXDpGODWIp6zTr7/8NHraTti+KTpokoxbJ8evWvvPtLN/7gQC9Cr4WKPIzPzA3Gk0jyCbt5uipdcx0f@gmail.com
X-Google-Smtp-Source: 
 AGHT+IE9buDd3IqNSzDOPxw4j+GV0mHJk2gKBfS7eujuF2L9s33JaUAvZ+99M9dga9goh9Tb1Oef
X-Received: by 2002:a05:6402:34d1:b0:5c3:c548:ab3a with SMTP id
 4fb4d7f45d1cf-5c4646640bfmr8235456a12.2.1727042959472;
        Sun, 22 Sep 2024 15:09:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1727042959; cv=none;
        d=google.com; s=arc-20240605;
        b=lgOBQYACDyM66T67R1RjW2uaLDOVA/AO9ETo975nau3M/JxoPEbCPSS5X//ayIibXt
         VLMylrMLRm6rWaVcjP/umjSVeS8oZBzCLQFBM17nk1J9KxWqFLp5qlTdepBgGarVb5nC
         Zt+ON3+Rk8MofPw9bzY7TgqvqvB4ttGEgRw9KJTDSJ5o4j3jHO1gHX/jLenmXZbStoPP
         2dhxGJ+mK6qoGL8LNZoHbYCMj1JxzKNgFucoOQS05kR87UlUrnyfcVVt0M8G5aYhaouX
         BDo1Dv5YDXio6Du/efgRZF2gx/siN+k+bNTmVOc9teRKdlA41mPCrAJ3UxaMTRh2xgde
         +GSQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:references:in-reply-to:message-id
         :date:to:from:dkim-signature:delivered-to;
        bh=28NxTybF0o6osvbuNXLFY+Gh8N9DjsIEDXf+Yy0eUpM=;
        fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=;
        b=lLh40p6g3+xgYRKv2aWqo3Nf170LWf5j4oRYsRVH0LFqi5N9sdaCa3z4EW4FPHZOID
         kLRWXW5bzyvhJ/CIJoxgzzasHW3E029Ayq5FoQFKqIelf9IkFWgKBsxmziXEzqgF0c7Z
         4M8aJosrd6kyyb/QyNl8xzNfc8W0QTZn8AdJzT7M9jnTGe/2STVN4eDeUISqOljv26Mu
         yjLKrpOrz6K1j9q9tBXg4i9/xuIXEaQgm/pSfWn3CFu5GuVnF/kzGnsOiWpU3CMajgv/
         kMIU7LVW52Bw+4wMC6DL9EHW9Dx6MHYHi13YSFJJZGnoTa9p0rV7EDD2ztbF9yD4Qiuq
         iw+g==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=lVZE0vRK;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 4fb4d7f45d1cf-5c42bb5b3edsi13158686a12.152.2024.09.22.15.09.18;
        Sun, 22 Sep 2024 15:09:19 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=lVZE0vRK;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 4588368DBE6;
	Mon, 23 Sep 2024 00:57:05 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay4-d.mail.gandi.net (relay4-d.mail.gandi.net
 [217.70.183.196])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 7A34F68DB92
 for <ffmpeg-devel@ffmpeg.org>; Mon, 23 Sep 2024 00:56:54 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id E0254E0002
 for <ffmpeg-devel@ffmpeg.org>; Sun, 22 Sep 2024 21:56:53 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
 s=gm1; t=1727042214;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=2f9LNLAXjsW0JdkS2oNzjM8OuHmvTCSk5kb4v5DYvog=;
 b=lVZE0vRK2T8R5Vltpo/s8Tzkqkp/vyTybR2ZWlbCmFGxgFg6ABtkck8BB5XHKsIIRYGf9D
 TMTnsoiyKfznwvi7+nQhCbTkqFY3frHq6DAhD4uOrRhUbQo7LtgcjK4MAFCYB2lkKjmYNT
 Uo2dcVdfe8Otcn4T9h1Nm1fYD4YY56Z5eht1pUYUtA0/LollspeMPbKaDQBCiNQrdaBwPQ
 5jxd4qXvCSuzqWBtab5uvBY7KRvDNEXxKJS/Gy/qzRudUzXtRHOL3Fmzkg/hUg1jL+LF3P
 Eo0keByRbrm9l/ZkQByZppUkgyixMwbPRO0M4Pl+Z7yaqky0lpAsIfM4m4iP5Q==
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sun, 22 Sep 2024 23:56:44 +0200
Message-ID: <20240922215645.1182935-9-michael@niedermayer.cc>
X-Mailer: git-send-email 2.46.1
In-Reply-To: <20240922215645.1182935-1-michael@niedermayer.cc>
References: <20240922215645.1182935-1-michael@niedermayer.cc>
MIME-Version: 1.0
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 09/10] avcodec/vble: Allocate buffer later
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: 1SCAvzYKOeTc

Fixes: Timeout
Fixes: 71727/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VBLE_fuzzer-6126342574243840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/vble.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libavcodec/vble.c b/libavcodec/vble.c
index 4511433a6c9..c48feb9a591 100644
--- a/libavcodec/vble.c
+++ b/libavcodec/vble.c
@@ -130,10 +130,6 @@ static int vble_decode_frame(AVCodecContext *avctx, AVFrame *pic,
         return AVERROR_INVALIDDATA;
     }
 
-    /* Allocate buffer */
-    if ((ret = ff_thread_get_buffer(avctx, pic, 0)) < 0)
-        return ret;
-
     /* Version should always be 1 */
     version = AV_RL32(src);
 
@@ -148,6 +144,10 @@ static int vble_decode_frame(AVCodecContext *avctx, AVFrame *pic,
         return AVERROR_INVALIDDATA;
     }
 
+    /* Allocate buffer */
+    if ((ret = ff_thread_get_buffer(avctx, pic, 0)) < 0)
+        return ret;
+
     /* Restore planes. Should be almost identical to Huffyuv's. */
     vble_restore_plane(ctx, pic, &gb, 0, offset, avctx->width, avctx->height);
 

From patchwork Sun Sep 22 21:56:45 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 51711
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a59:d154:0:b0:48e:c0f8:d0de with SMTP id bt20csp2138757vqb;
        Sun, 22 Sep 2024 15:09:18 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCXWCOy+Jbv5EkB/Hz14Sji3mULcGbusHyoshH1S56pFnEWTOTdhhZZkraVQC+Pq0/6ptoF8rZoWifNiC/R4iPZ0@gmail.com
X-Google-Smtp-Source: 
 AGHT+IHmrY4S22lWNw2FcrEQ74Uh4Jpyc5+Mpetz8PMrK8Oad3nP1TqLUeuirSIPP117wdb/jrLP
X-Received: by 2002:a05:6512:308c:b0:536:9efb:bb29 with SMTP id
 2adb3069b0e04-536ac32e3camr4390919e87.44.1727042958670;
        Sun, 22 Sep 2024 15:09:18 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1727042958; cv=none;
        d=google.com; s=arc-20240605;
        b=Li4V9mKfQHj4UVPspXTuLxF7wzatTyA1BLqi83J+8Euj2uj6uRjW33MANaD4as6ATj
         AgVxgmnZnkkkhsqDohVDJwkSxsMSicUjAnZLmv9gbXko9XIm90S7lkSyNo6fspiMt9DO
         cNzkxfaXtASaI3xIWw0oaVDiuQ52ye6j2s9CnI2FsYQEiIciU/wzJ9W7ldXMadv/F86M
         +xKjDtPyqTX0c3TvFh6sIio9hl3lUczP4qOQ3NoUozYCyuWBz4r7EiLwLK4o/C9nawKW
         x1/dA0NWfVAVz6v7xMTE8Wcc5is3Rfy8eEI4pJtc7N/xrZMLQNQTnHXhgDjlNvGiT336
         JKnw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:references:in-reply-to:message-id
         :date:to:from:dkim-signature:delivered-to;
        bh=Da+mOg79HRm8aAG6nI32i3dCvVlt3qzJ6QvrqXYjVNg=;
        fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=;
        b=R4IDg/uCAz6f1ZIw2b+zp5NjwF+sTxTh9G9F6TY7IGQJM93y0LHaMrneO9sxOrs747
         ICKb61im14dsAKzipY5sDDvHp7MqpCdf2Ognd8LLL38Oc0xBHWN0ND9ykHl2u3H0d+vL
         WCmjMvV7FFjrpvGgKKFlqS9BlJs/1bWnFLXLwirQMxJ2QPTDIT9U5FMthmBCx1pW2R31
         C2XyCWBkV4i4uVt34YVGYp3PYWb3zgqWH/AjGUl1tvcibMD8eul+Ccfogs5nexzOImBa
         vSGkUsKJ6+O1iCNNew95E4PJaIIpt0sut0ct2vgWlxfkmnd7zX0/4Y/LhVAECSROiqGB
         UXbQ==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=ON5Cl0uJ;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 2adb3069b0e04-53687042dddsi6915080e87.49.2024.09.22.15.09.18;
        Sun, 22 Sep 2024 15:09:18 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=ON5Cl0uJ;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 6A1DC68DAE4;
	Mon, 23 Sep 2024 00:57:06 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay6-d.mail.gandi.net (relay6-d.mail.gandi.net
 [217.70.183.198])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 3693568DAF3
 for <ffmpeg-devel@ffmpeg.org>; Mon, 23 Sep 2024 00:56:55 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id 94964C0003
 for <ffmpeg-devel@ffmpeg.org>; Sun, 22 Sep 2024 21:56:54 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
 s=gm1; t=1727042214;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=qnXZeAsLxt+q0ncPZOCh7x9Yyxe0njCfcSNcXIj9Kyo=;
 b=ON5Cl0uJPUHteKiBZSHtROxLrQGLP4o6QFZySLaghpciRB539ecZW8ykdo44H1PSNFdYUK
 Xznp8pwzNPz0hd6Wrhr5oa5L2JGjjS+Sp6nvVLlvqPfcGudVHBj6rOs4+VJUwBRHO5CMy6
 hXgwa/32a1XzkpmOOaJUIm/92nOUaqnDnzg6lt1i7qadB13BFmt6uSixzLvMkQVGAmjY6i
 wfQyrXGS336qoCQfykj/CpenpmMkh7ZbnsOebyyeD6gIx8t6DyLD23Qs65bEiEGLmyK32F
 KDTkp/a56P28Tf9q32AaIr/6EXh1bE1l5+2qnOQPctGCV6wHGRQQV1quM54HDA==
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sun, 22 Sep 2024 23:56:45 +0200
Message-ID: <20240922215645.1182935-10-michael@niedermayer.cc>
X-Mailer: git-send-email 2.46.1
In-Reply-To: <20240922215645.1182935-1-michael@niedermayer.cc>
References: <20240922215645.1182935-1-michael@niedermayer.cc>
MIME-Version: 1.0
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 10/10] avcodec/xan: Add basic input size check
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: sR4XHO6eOGY6

Fixes: Timeout
Fixes: 71739/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XAN_WC3_fuzzer-6170301405134848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpe
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/xan.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/xan.c b/libavcodec/xan.c
index cc0ecea5ebf..56675dbbb18 100644
--- a/libavcodec/xan.c
+++ b/libavcodec/xan.c
@@ -607,6 +607,9 @@ static int xan_decode_frame(AVCodecContext *avctx, AVFrame *frame,
         return AVERROR_INVALIDDATA;
     }
 
+    if (buf_size < 9)
+        return AVERROR_INVALIDDATA;
+
     if ((ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF)) < 0)
         return ret;