From patchwork Sun Dec 5 21:19:01 2021
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 32087
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 5 Dec 2021 22:19:01 +0100
Message-Id: <20211205211907.30010-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 1/7] avformat/vivo: Do not use the general expression evaluator for parsing a floating point value

Fixes: Timeout
Fixes: 41564/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVO_fuzzer-6309014024093696
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/vivo.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/libavformat/vivo.c b/libavformat/vivo.c index b2904cd25a7..8e819d910b7 100644 --- a/libavformat/vivo.c +++ b/libavformat/vivo.c
@@ -206,11 +206,12 @@ static int vivo_read_header(AVFormatContext *s) return AVERROR_INVALIDDATA; value_used = 1; } else if (!strcmp(key, "FPS")) { - AVRational tmp; + double d; + if (sscanf(value, "%f", &d) != 1) + return AVERROR_INVALIDDATA; value_used = 1; - if (!av_parse_ratio(&tmp, value, 10000, AV_LOG_WARNING, s)) - fps = av_inv_q(tmp); + fps = av_d2q(1/d, 10000); } if (!value_used)

From patchwork Sun Dec 5 21:19:02 2021
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 32079
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 5 Dec 2021 22:19:02 +0100
Message-Id: <20211205211907.30010-2-michael@niedermayer.cc>
In-Reply-To: <20211205211907.30010-1-michael@niedermayer.cc>
References: <20211205211907.30010-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 2/7] tools/target_dem_fuzzer: Test interrupt callback

Signed-off-by: Michael Niedermayer
---
 tools/target_dem_fuzzer.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/tools/target_dem_fuzzer.c b/tools/target_dem_fuzzer.c index 3c03c8d17c0..6ee793a28ba 100644 --- a/tools/target_dem_fuzzer.c +++ b/tools/target_dem_fuzzer.c @@ -34,6 +34,13 @@ typedef struct IOContext { int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); +int64_t interrupt_counter; +static int interrupt_cb(void *ctx) +{ + interrupt_counter --; + return interrupt_counter < 0; +} + static void error(const char *err) { fprintf(stderr, "%s", err);
@@ -160,6 +167,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { *strchr(extension, ',') = 0; av_strlcatf(filename, sizeof(filename), ".%s", extension); } + + interrupt_counter = bytestream2_get_le32(&gbc); + avfmt->interrupt_callback.callback = interrupt_cb; } if (!io_buffer_size || size / io_buffer_size > maxblocks)

From patchwork Sun Dec 5 21:19:03 2021
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 32075
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 5 Dec 2021 22:19:03 +0100
Message-Id: <20211205211907.30010-3-michael@niedermayer.cc>
In-Reply-To: <20211205211907.30010-1-michael@niedermayer.cc>
References: <20211205211907.30010-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 3/7] tools/target_dem_fuzzer: Force interrupt for HLS

Fixes: Timeout
Fixes: 41580/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5059099224571904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 tools/target_dem_fuzzer.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tools/target_dem_fuzzer.c b/tools/target_dem_fuzzer.c index 6ee793a28ba..687989ccc89 100644 --- a/tools/target_dem_fuzzer.c +++ b/tools/target_dem_fuzzer.c
@@ -172,6 +172,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { avfmt->interrupt_callback.callback = interrupt_cb; } + // HLS uses a loop with sleep, we thus must breakout or we timeout + if (!strcmp(fmt->name, "hls")) + interrupt_counter &= 31; + if (!io_buffer_size || size / io_buffer_size > maxblocks) io_buffer_size = size;

From patchwork Sun Dec 5 21:19:04 2021
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 32080
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 5 Dec 2021 22:19:04 +0100
Message-Id: <20211205211907.30010-4-michael@niedermayer.cc>
In-Reply-To: <20211205211907.30010-1-michael@niedermayer.cc>
References: <20211205211907.30010-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 4/7] avformat/4xm: Consider max_streams on reallocating tracks array

Fixes: OOM
Fixes: 41595/clusterfuzz-testcase-minimized-ffmpeg_dem_FOURXM_fuzzer-6355979363549184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/4xm.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavformat/4xm.c b/libavformat/4xm.c index f918b1fc572..5cbae7053d8 100644 --- a/libavformat/4xm.c +++ b/libavformat/4xm.c
@@ -137,7 +137,8 @@ static int parse_strk(AVFormatContext *s, return AVERROR_INVALIDDATA; track = AV_RL32(buf + 8); - if ((unsigned)track >= UINT_MAX / sizeof(AudioTrack) - 1) { + if ((unsigned)track >= UINT_MAX / sizeof(AudioTrack) - 1 || + s->max_streams && track >= s->max_streams) { av_log(s, AV_LOG_ERROR, "current_track too large\n"); return AVERROR_INVALIDDATA; }

From patchwork Sun Dec 5 21:19:05 2021
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 32083
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 5 Dec 2021 22:19:05 +0100
Message-Id: <20211205211907.30010-5-michael@niedermayer.cc>
In-Reply-To: <20211205211907.30010-1-michael@niedermayer.cc>
References: <20211205211907.30010-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 5/7] avformat/mxfdec: Check for duplicate mxf_read_index_entry_array()

Fixes: memleak
Fixes: 41596/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6439060204290048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/mxfdec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index c231c944c01..1d501982793 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c
@@ -1111,6 +1111,9 @@ static int mxf_read_index_entry_array(AVIOContext *pb, MXFIndexTableSegment *seg { int i, length; + if (segment->temporal_offset_entries) + return AVERROR_INVALIDDATA; + segment->nb_index_entries = avio_rb32(pb); length = avio_rb32(pb);

From patchwork Sun Dec 5 21:19:06 2021
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 32078
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 5 Dec 2021 22:19:06 +0100
Message-Id: <20211205211907.30010-6-michael@niedermayer.cc>
In-Reply-To: <20211205211907.30010-1-michael@niedermayer.cc>
References: <20211205211907.30010-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 6/7] tools/target_dec_fuzzer: adjust threshold for gem

Fixes: Timeout
Fixes: 42035/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GEM_fuzzer-5033604191748096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 tools/target_dec_fuzzer.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c index b862d7a3a41..0c59242e3e4 100644 --- a/tools/target_dec_fuzzer.c +++ b/tools/target_dec_fuzzer.c
@@ -166,6 +166,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { case AV_CODEC_ID_FLAC: maxsamples /= 1024; break; case AV_CODEC_ID_FLV1: maxpixels /= 1024; break; case AV_CODEC_ID_G2M: maxpixels /= 1024; break; + case AV_CODEC_ID_GEM: maxpixels /= 512; break; case AV_CODEC_ID_GDV: maxpixels /= 512; break; case AV_CODEC_ID_GIF: maxpixels /= 16; break; case AV_CODEC_ID_H264: maxpixels /= 256; break; 
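Review bot: The added "case AV_CODEC_ID_GEM" line sits before "case AV_CODEC_ID_GDV", which breaks the alphabetical order the neighbouring cases follow (FLAC, FLV1, G2M, GDV, GIF, H264); please move it after the GDV line. The divisor is also unexplained: the commit message cites only the timeout testcase, so a sentence on why 512 (the value GDV already uses) was chosen over a smaller reduction would help, since a lower maxpixels limit presumably trades coverage of larger GEM images for run time.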
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 5 Dec 2021 22:19:07 +0100
Message-Id: <20211205211907.30010-7-michael@niedermayer.cc>
In-Reply-To: <20211205211907.30010-1-michael@niedermayer.cc>
References: <20211205211907.30010-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 7/7] avcodec/gemdec: Move all support checks before image allocation

Signed-off-by: Michael Niedermayer
---
 libavcodec/gemdec.c | 32 +++++++++++++++++++++-----------
 1 file changed, 21 insertions(+), 11 deletions(-)

diff --git a/libavcodec/gemdec.c b/libavcodec/gemdec.c
index eee21a50d4b..fd14b22390c 100644
--- a/libavcodec/gemdec.c
+++ b/libavcodec/gemdec.c
@@ -157,10 +157,22 @@ static int gem_decode_frame(AVCodecContext *avctx, if (header_size >= 11) tag = bytestream2_peek_be32(&gb); - if (tag == AV_RB32("STTT") || tag == AV_RB32("TIMG") || tag == AV_RB32("XIMG") || - planes == 1 || planes == 2 || planes == 3 || planes == 4 || - planes == 8 || planes == 16 || planes == 24) { - } else { + if (tag == AV_RB32("STTT")) { + if (planes != 4) { + avpriv_request_sample(avctx, "STTT planes=%d", planes); + return AVERROR_PATCHWELCOME; + } + } else if (tag == AV_RB32("TIMG")) { + if (planes != 15) { + avpriv_request_sample(avctx, "TIMG planes=%d", planes); + return AVERROR_PATCHWELCOME; + } + } else if (tag == AV_RB32("XIMG")) { + if (planes != 1 && planes != 2 && planes != 4 && planes != 8 && planes != 16 && planes != 24 && planes != 32) { + avpriv_request_sample(avctx, "XIMG planes=%d", planes); + return AVERROR_PATCHWELCOME; + } + } else if (planes != 1 && planes != 2 && planes != 3 && planes != 4 && planes != 8 && planes != 16 && planes != 24) { avpriv_request_sample(avctx, "planes=%d", planes); return AVERROR_PATCHWELCOME; } @@ -184,14 +196,12 @@ static int gem_decode_frame(AVCodecContext *avctx, palette[i] = 0xFF000000 | r << 16 | g << 8 | b; } } else { - avpriv_request_sample(avctx, "STTT planes=%d", planes); - return AVERROR_PATCHWELCOME; + av_assert0(0); } } else if (tag == AV_RB32("TIMG")) { bytestream2_skip(&gb, 4); if (planes != 15) { - avpriv_request_sample(avctx, "TIMG planes=%d", planes); - return AVERROR_PATCHWELCOME; + av_assert0(0); } } else if (tag == AV_RB32("XIMG")) { bytestream2_skip(&gb, 6); @@ -215,8 +225,7 @@ static int gem_decode_frame(AVCodecContext *avctx, row_width = avctx->width * pixel_size; put_lines = put_lines_bytes; } else { - avpriv_request_sample(avctx, "XIMG planes=%d", planes); - return AVERROR_PATCHWELCOME; + av_assert0(0); } } else if (planes == 1) { palette[0] = 0xFFFFFFFF; 
@@ -244,7 +253,8 @@ static int gem_decode_frame(AVCodecContext *avctx, planes = 1; row_width = avctx->width * pixel_size; put_lines = put_lines_bytes; - } + } else + av_assert0(0); ret = av_reallocp_array(&avctx->priv_data, planes, row_width); if (ret < 0)
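Review bot: In the first hunk (@@ -157), the set of accepted planes values per tag is now stated in these early checks and again, implicitly, in the decode branches further down, and the later hunks turn any disagreement between the two into av_assert0(0). The XIMG list here admits planes == 32 and the untagged list admits planes == 3, but the branches that would handle those values are not visible in this patch; please confirm every value accepted here has a matching branch below, or factor the lists into one helper used in both places. A short comment that these checks must stay in sync with the branches below would help whoever adds the next format.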
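Review bot: In the TIMG branch of the second hunk (@@ -184), "if (planes != 15) { av_assert0(0); }" is an assertion written as a conditional; "av_assert0(planes == 15);" states the invariant directly and makes it obvious to the reader that the value was already validated by the early check.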
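Review bot: The trailing "} else av_assert0(0);" in the last hunk (@@ -244) leaves the final arm unbraced while every other arm of the chain is braced; "} else { av_assert0(0); }" would match the surrounding style. Because av_assert0 aborts in all build configurations and this decoder parses untrusted input (it is the fuzz target touched in patch 6/7), consider returning an error such as AVERROR_BUG on this path instead, so that a case missed by the early checks fails the frame before av_reallocp_array rather than terminating the process.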