From patchwork Thu Aug 18 22:35:32 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 37356
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:139a:b0:8f:1db5:eae2 with SMTP id w26csp573124pzh;
        Thu, 18 Aug 2022 15:36:01 -0700 (PDT)
X-Google-Smtp-Source: 
 AA6agR4MMQZ1PKfko0LYTzNm2UvfgChF05CptfsaoI/Rd2H2nAO2VgX+i12YbaawDGDPJe/+GZ1x
X-Received: by 2002:a17:907:9806:b0:739:99c:7732 with SMTP id
 ji6-20020a170907980600b00739099c7732mr3144358ejc.508.1660862160992;
        Thu, 18 Aug 2022 15:36:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1660862160; cv=none;
        d=google.com; s=arc-20160816;
        b=c8sdLqGic8hOAZxoQPV8VLiZ8Fd0WiLHjjmxvLN+yOuCY4ZWepADBCDlP4IpNTLwfW
         GcXd4gkeL8voDBVFT70HYLUyRXwoKAUUOM2Ts+rOLnqTWsYRBoRnUUuZ4buMhDiZuxKa
         ENKtzv3+arKBbeJw3ox0v5ELcgYJeGuynz+2KT74NpcIiBDi5Px7H+sgickbdYS64Vpa
         nedKv4KsXZhvEL3AuFhH2l4KE8+cO8MF6XS+Xs9qsA4pYdE/EBdPAKHxNfGh+do3xo+4
         fTdUqdFH4kAA7TpMLckqotrMDGuFOvvLliL7SQuoCqxkGteoLjnuwDbFtwsT9vvL+ln9
         p/Ew==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:mime-version:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:message-id:date:to:from:delivered-to;
        bh=6AWOSgO9rYLJ7VNXrPzkVMv2VVZFmGgKZ/dybYOzS7A=;
        b=hBGvxcTQiSla5uYNc8u3f6IzGzPBXBebvmi63teHeR4bxHbgdEhe4W6iCmzOFhxcsz
         TeN4ovp2q+OHToqOddltQc0jpGZeWX8nU+WMv59YdDmvFzkKik7bkaKBIgArR6ePmOBn
         GH0vmDDgW+5DdLmGBd20Y0JUwS33S8v/OR4E9Qm2+znqIgodor3mF8YziTg5yYPtH+GI
         YVYE0netDFa6upzvSaudXP9/U4B28dic5Z52/CsGCDSzSX3TavQuR2wPHtT35bqKotZM
         CwMjxVKObQwaSKUBJuKdSlLiwTyheUTjEhsI2zqDWqSr13SsdTXDpChRl0actwMM3vrm
         IFhQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 v10-20020aa7d9ca000000b0044632026ee1si407812eds.53.2022.08.18.15.36.00;
        Thu, 18 Aug 2022 15:36:00 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 96AB168B956;
	Fri, 19 Aug 2022 01:35:46 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from vie01a-dmta-at03-1.mx.upcmail.net
 (vie01a-dmta-at03-1.mx.upcmail.net [62.179.121.151])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 6D24068B8ED
 for <ffmpeg-devel@ffmpeg.org>; Fri, 19 Aug 2022 01:35:38 +0300 (EEST)
Received: from [172.31.216.235] (helo=vie01a-pemc-psmtp-pe12.mail.upcmail.net)
 by vie01a-dmta-at03.mx.upcmail.net with esmtp (Exim 4.92)
 (envelope-from <michael@niedermayer.cc>) id 1oOo6y-00GsY6-P3
 for ffmpeg-devel@ffmpeg.org; Fri, 19 Aug 2022 00:35:36 +0200
Received: from ren-mail-psmtp-mg01. ([80.109.253.241])
 by vie01a-pemc-psmtp-pe12.mail.upcmail.net with ESMTP
 id Oo6yoxtTD8s8UOo6yolzmg; Fri, 19 Aug 2022 00:35:36 +0200
Received: from localhost ([213.47.68.29]) by ren-mail-psmtp-mg01. with ESMTP
 id Oo6xo481ROPqFOo6xoRE3d; Fri, 19 Aug 2022 00:35:35 +0200
X-Env-Mailfrom: michael@niedermayer.cc
X-Env-Rcptto: ffmpeg-devel@ffmpeg.org
X-SourceIP: 213.47.68.29
X-CNFS-Analysis: v=2.4 cv=OcX7sjfY c=1 sm=1 tr=0 ts=62febeb8
 a=2hcxjKEKjp0CzLx6oWAm4g==:117 a=2hcxjKEKjp0CzLx6oWAm4g==:17
 a=MKtGQD3n3ToA:10 a=1oJP67jkp3AA:10 a=GEAsPZ9sns4A:10
 a=kCjymV7rsJuVYsGs5Z4A:9
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Fri, 19 Aug 2022 00:35:32 +0200
Message-Id: <20220818223535.13078-1-michael@niedermayer.cc>
X-Mailer: git-send-email 2.17.1
X-CMAE-Envelope: 
 MS4wfA3RAIXNbvKSszyQ51ZPszgVERCdfcSAELd4DSQvucCJlmwNwb3od/RhK8+fs2YVMJ/d6lO9GN7qpGSjvg6muZT0iU2TB1Nq3vv/A5TdG57ZpgG9kK6m
 H/U1QpbvJdQn8T7VJZyTFNPlvOIJhD/hMXwDMxJR35Wb3K+4u5H0aXLMyjL70V+Lq5SzZs9RP1ADzw==
Subject: [FFmpeg-devel] [PATCH 1/4] avcodec/bethsoftvideo: Pass
 GetByteContext into set_palette()
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: 8tgsUyE4wFGD

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/bethsoftvideo.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/libavcodec/bethsoftvideo.c b/libavcodec/bethsoftvideo.c
index a2e8f412d6..1d0f9198cf 100644
--- a/libavcodec/bethsoftvideo.c
+++ b/libavcodec/bethsoftvideo.c
@@ -51,16 +51,16 @@ static av_cold int bethsoftvid_decode_init(AVCodecContext *avctx)
     return 0;
 }
 
-static int set_palette(BethsoftvidContext *ctx)
+static int set_palette(BethsoftvidContext *ctx, GetByteContext *g)
 {
     uint32_t *palette = (uint32_t *)ctx->frame->data[1];
     int a;
 
-    if (bytestream2_get_bytes_left(&ctx->g) < 256*3)
+    if (bytestream2_get_bytes_left(g) < 256*3)
         return AVERROR_INVALIDDATA;
 
     for(a = 0; a < 256; a++){
-        palette[a] = 0xFFU << 24 | bytestream2_get_be24u(&ctx->g) * 4;
+        palette[a] = 0xFFU << 24 | bytestream2_get_be24u(g) * 4;
         palette[a] |= palette[a] >> 6 & 0x30303;
     }
     ctx->frame->palette_has_changed = 1;
@@ -85,9 +85,10 @@ static int bethsoftvid_decode_frame(AVCodecContext *avctx, AVFrame *rframe,
 
     if (avpkt->side_data_elems > 0 &&
         avpkt->side_data[0].type == AV_PKT_DATA_PALETTE) {
-        bytestream2_init(&vid->g, avpkt->side_data[0].data,
+        GetByteContext g;
+        bytestream2_init(&g, avpkt->side_data[0].data,
                          avpkt->side_data[0].size);
-        if ((ret = set_palette(vid)) < 0)
+        if ((ret = set_palette(vid, &g)) < 0)
             return ret;
     }
 
@@ -98,7 +99,7 @@ static int bethsoftvid_decode_frame(AVCodecContext *avctx, AVFrame *rframe,
     switch(block_type = bytestream2_get_byte(&vid->g)){
         case PALETTE_BLOCK: {
             *got_frame = 0;
-            if ((ret = set_palette(vid)) < 0) {
+            if ((ret = set_palette(vid, &vid->g)) < 0) {
                 av_log(avctx, AV_LOG_ERROR, "error reading palette\n");
                 return ret;
             }

From patchwork Thu Aug 18 22:35:33 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 37358
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:139a:b0:8f:1db5:eae2 with SMTP id w26csp573338pzh;
        Thu, 18 Aug 2022 15:36:41 -0700 (PDT)
X-Google-Smtp-Source: 
 AA6agR51KCkDf49PZhtT1Qd5wjNsICwopD8ZW6AqyG4qmkWQZmqJ9vBnxxmS2zOL9qP6CJqngYYX
X-Received: by 2002:a17:907:2ceb:b0:730:e0ce:34f1 with SMTP id
 hz11-20020a1709072ceb00b00730e0ce34f1mr3051079ejc.293.1660862201078;
        Thu, 18 Aug 2022 15:36:41 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1660862201; cv=none;
        d=google.com; s=arc-20160816;
        b=gAIFnDhd9BQXvCB9WgdR4IQKFrO4wXUMS8rzQMOowYvhZ91lEB/0+07GgjDskg8VY9
         Ap+SYxrJEVXyONd0cYXyd7yfRDEc0+O3K9pshxpcNcHKYpFgGMXO7I7A1Eq9AwwOhoIj
         FMivu1+7TCjI7j5Ri8q1oiXrWAILgMi0zUOpyjGKmZSW4WlWP5/qXqEBIKNkBysp7nlX
         fpFbCXoyIq0nLi3NOPSsARQj05bGpcN6ntTpsLaoEbp/lXMjLA0KMNimVPOwbs9mtdbG
         jhSZvFcJW9Pgph4OyDWmV1uuDwGZtJuQvnj8vJuZQ1DEK07eI1HIrjJS5wqyl+i+8f6j
         xN7g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:mime-version:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:references:in-reply-to:message-id:date
         :to:from:delivered-to;
        bh=PtA95ffZMgWC2wXmd9Pyj5Uu9nq21zGFuq7u0eOUUL8=;
        b=sobnIaXNwlc5cGJ7c79mJVXr7lijHyS+ZX7Reo2Wj2/cO3TYaaQ7mnwmgzaFsrPKvX
         UxdsInn4++bNYNCeUHtgigO4ueT/x9CYwJnylAuXdaMpZ/jdwZzKr+cA640hNKIGkb3U
         MwQBC+5XQm8nWszKNmWxHyUnby0BcIC9pLgcFzOgiqV9Gt3zH9LBRl29xknZXZygnMuf
         vM2Ku7LvH+9V1HgkEYsNXzmB84Vhy0mQTA4kmCFiV4e9/MKlfL0kXEdawqtBjgJYGIQy
         CpWGDwteQAMiNSXLiGane78KgED6gd4H+Mz8HDuNLmeJPrOFj+bTvnYZL3qrz/pZf1+L
         uVxA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 q17-20020a1709060f9100b00738cb93ba58si1585972ejj.203.2022.08.18.15.36.40;
        Thu, 18 Aug 2022 15:36:41 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id B687968B970;
	Fri, 19 Aug 2022 01:36:38 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from vie01a-dmta-at03-1.mx.upcmail.net
 (vie01a-dmta-at03-1.mx.upcmail.net [62.179.121.151])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 8A8E768B737
 for <ffmpeg-devel@ffmpeg.org>; Fri, 19 Aug 2022 01:36:36 +0300 (EEST)
Received: from [172.31.216.235] (helo=vie01a-pemc-psmtp-pe12.mail.upcmail.net)
 by vie01a-dmta-at03.mx.upcmail.net with esmtp (Exim 4.92)
 (envelope-from <michael@niedermayer.cc>) id 1oOo7w-00GsOS-1b
 for ffmpeg-devel@ffmpeg.org; Fri, 19 Aug 2022 00:36:36 +0200
Received: from ren-mail-psmtp-mg02. ([80.109.253.241])
 by vie01a-pemc-psmtp-pe12.mail.upcmail.net with ESMTP
 id Oo6yoxtTm8s8UOo7wolzrY; Fri, 19 Aug 2022 00:36:36 +0200
Received: from localhost ([213.47.68.29]) by ren-mail-psmtp-mg02. with ESMTP
 id Oo6yox80r8eSWOo6yony7j; Fri, 19 Aug 2022 00:35:36 +0200
X-Env-Mailfrom: michael@niedermayer.cc
X-Env-Rcptto: ffmpeg-devel@ffmpeg.org
X-SourceIP: 213.47.68.29
X-CNFS-Analysis: v=2.4 cv=KKE5sHJo c=1 sm=1 tr=0 ts=62febeb8
 a=2hcxjKEKjp0CzLx6oWAm4g==:117 a=2hcxjKEKjp0CzLx6oWAm4g==:17
 a=MKtGQD3n3ToA:10 a=1oJP67jkp3AA:10 a=GEAsPZ9sns4A:10
 a=o7t9aYZ6cz3oJ487DMgA:9
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Fri, 19 Aug 2022 00:35:33 +0200
Message-Id: <20220818223535.13078-2-michael@niedermayer.cc>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20220818223535.13078-1-michael@niedermayer.cc>
References: <20220818223535.13078-1-michael@niedermayer.cc>
X-CMAE-Envelope: 
 MS4wfD15tJ38s2JpgLqyrM8Eus6Juo9OSQBSiAObURoetiYGK1yA66+VY00Pwp1l0S2n8+iXnz/90GbGFwukKUemufuvcLtZjNRFZpvAtoMlfCR9eS4JnEJY
 uc2uZGmWkgsuhCimi5m813rZNa1KfVHydfmUhfU3cv4Se+0bEQr2qEdEDfkvzhTcEKsLr0ZF21OlUQ==
Subject: [FFmpeg-devel] [PATCH 2/4] avcodec/bethsoftvideo: Check block_type
 before frame alloc
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: oVy/jRFaz0gF

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/bethsoftvideo.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/libavcodec/bethsoftvideo.c b/libavcodec/bethsoftvideo.c
index 1d0f9198cf..dc7e2f83bb 100644
--- a/libavcodec/bethsoftvideo.c
+++ b/libavcodec/bethsoftvideo.c
@@ -79,6 +79,11 @@ static int bethsoftvid_decode_frame(AVCodecContext *avctx, AVFrame *rframe,
     int code, ret;
     int yoffset;
 
+    bytestream2_init(&vid->g, avpkt->data, avpkt->size);
+    block_type = bytestream2_get_byte(&vid->g);
+    if (block_type < 1 || block_type > 4)
+        return AVERROR_INVALIDDATA;
+
     if ((ret = ff_reget_buffer(avctx, vid->frame, 0)) < 0)
         return ret;
     wrap_to_next_line = vid->frame->linesize[0] - avctx->width;
@@ -92,11 +97,10 @@ static int bethsoftvid_decode_frame(AVCodecContext *avctx, AVFrame *rframe,
             return ret;
     }
 
-    bytestream2_init(&vid->g, avpkt->data, avpkt->size);
     dst = vid->frame->data[0];
     frame_end = vid->frame->data[0] + vid->frame->linesize[0] * avctx->height;
 
-    switch(block_type = bytestream2_get_byte(&vid->g)){
+    switch(block_type){
         case PALETTE_BLOCK: {
             *got_frame = 0;
             if ((ret = set_palette(vid, &vid->g)) < 0) {

From patchwork Thu Aug 18 22:35:34 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 37355
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:139a:b0:8f:1db5:eae2 with SMTP id w26csp573077pzh;
        Thu, 18 Aug 2022 15:35:51 -0700 (PDT)
X-Google-Smtp-Source: 
 AA6agR6WcxPHrWeSIyrPzAig0WgcEVAJSsU8L+fuqHLfM3zm/WAvXzbLJyR6VjZo538nHqlIAh9K
X-Received: by 2002:a05:6402:35c1:b0:43d:fd2c:ae15 with SMTP id
 z1-20020a05640235c100b0043dfd2cae15mr3918331edc.63.1660862151167;
        Thu, 18 Aug 2022 15:35:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1660862151; cv=none;
        d=google.com; s=arc-20160816;
        b=05c8VVosT9vTFtaLtPOWd07KdOxuczmm0FPLooZQA1IeHnwautlRi2tyt5lDPLZPA/
         LTgxmccFa3/QJ+rJau9DsOZhb6DLvu4s4eNimyFI53D/LEiv9mY+y/poooCjUNqn+zHn
         rbfUvG8BtVX9gQ8MNhWmtizocTbuVLx0sdkzu4CYxYB8cmETZVLmFBO5CV1TNCwgXMLr
         TPhLMnZez+fJBa05UpZMr4HyCkOoHw2IgyoqBktEtfbR9KN+4RPOVAfkhnvecAIjGI8I
         5pvdOKtalxQa3Q5k8L96cw1WZ0jTW+CdWpgsuUkglhKysGy3ReADK6rHoO/5gotYGzVq
         vdQA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:mime-version:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:references:in-reply-to:message-id:date
         :to:from:delivered-to;
        bh=FI+D1wpXs+t/pm9Va5RpdAdT/OvZsEyuOF/HTpAkTB0=;
        b=Xz4Nsxa6qLtmzbfCSsqAsB/UrCcQ88T5iQtCVsDSQ6wGBAyP4z3b/EQTyjOwG8odxd
         KnQVj2U6gsF0tEboL7ROAXO72xFJP++mCpPKcmR5bR3Ygjx/lOz+mlidj34caXn9JSAp
         h9RQlNiWpGxYOoIn2luqtfMxgwN3Krci6G40mcEGXs+qgGNNaNkK5rLkqF3gYssPyzz2
         DUtaGNG5oolXOQs7Av7O7Ce226LwwCkZ0zFJTOqIOiL/O6D9JczgYSqB0vCkskAks2Fp
         j3OXjz6pgL9emFot+7H16EewaLK91vAyqBvZnOxEtb2Ia5IszxDDUN7Vaj5ln6jMeyBo
         z6sg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 u26-20020a50a41a000000b00445f9c5ea88si1839259edb.294.2022.08.18.15.35.49;
        Thu, 18 Aug 2022 15:35:51 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 7E18568B8EF;
	Fri, 19 Aug 2022 01:35:45 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from vie01a-dmta-at03-1.mx.upcmail.net
 (vie01a-dmta-at03-1.mx.upcmail.net [62.179.121.151])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 6B79368B8DA
 for <ffmpeg-devel@ffmpeg.org>; Fri, 19 Aug 2022 01:35:38 +0300 (EEST)
Received: from [172.31.216.235] (helo=vie01a-pemc-psmtp-pe12.mail.upcmail.net)
 by vie01a-dmta-at03.mx.upcmail.net with esmtp (Exim 4.92)
 (envelope-from <michael@niedermayer.cc>) id 1oOo6y-00GsNS-Ti
 for ffmpeg-devel@ffmpeg.org; Fri, 19 Aug 2022 00:35:36 +0200
Received: from ren-mail-psmtp-mg02. ([80.109.253.241])
 by vie01a-pemc-psmtp-pe12.mail.upcmail.net with ESMTP
 id Oo6yoxtTm8s8UOo6yolzmm; Fri, 19 Aug 2022 00:35:36 +0200
Received: from localhost ([213.47.68.29]) by ren-mail-psmtp-mg02. with ESMTP
 id Oo6yox80z8eSWOo6yony7m; Fri, 19 Aug 2022 00:35:36 +0200
X-Env-Mailfrom: michael@niedermayer.cc
X-Env-Rcptto: ffmpeg-devel@ffmpeg.org
X-SourceIP: 213.47.68.29
X-CNFS-Analysis: v=2.4 cv=KKE5sHJo c=1 sm=1 tr=0 ts=62febeb8
 a=2hcxjKEKjp0CzLx6oWAm4g==:117 a=2hcxjKEKjp0CzLx6oWAm4g==:17
 a=MKtGQD3n3ToA:10 a=1oJP67jkp3AA:10 a=GEAsPZ9sns4A:10 a=NEAV23lmAAAA:8
 a=EfaNEuAiC44ZH2k_WtwA:9
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Fri, 19 Aug 2022 00:35:34 +0200
Message-Id: <20220818223535.13078-3-michael@niedermayer.cc>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20220818223535.13078-1-michael@niedermayer.cc>
References: <20220818223535.13078-1-michael@niedermayer.cc>
X-CMAE-Envelope: 
 MS4wfA3RAIXNbvKSszyQ51ZPszgVERCdfcSAELd4DSQvucCJurhlUpWuQiswA2tT+XzjCqUTget0c6XWFb8n1PMykHVnO27yc60NjpfeIHjfxKqgYq8FkTX6
 3y4R1gCC/PCXsJkJd0uI8lcjGt0LlRypPe4gXZwgBjUBKkgQNDazIQ2lorFWvqk2N2qYKM5T9pkz5g==
Subject: [FFmpeg-devel] [PATCH 3/4] tools/target_dec_fuzzer: Adjust
 threshold for bethsoftvid
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: NlmZwI+1434i

Fixes: Timeout
Fixes: 49791/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BETHSOFTVID_fuzzer-4583956145635328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 tools/target_dec_fuzzer.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 28042077c6..0fb9328d2c 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -213,6 +213,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     case AV_CODEC_ID_ANM:         maxpixels  /= 1024;  break;
     case AV_CODEC_ID_ARBC:        maxpixels  /= 1024;  break;
     case AV_CODEC_ID_ARGO:        maxpixels  /= 1024;  break;
+    case AV_CODEC_ID_BETHSOFTVID: maxpixels  /= 8192;  break;
     case AV_CODEC_ID_BINKVIDEO:   maxpixels  /= 32;    break;
     case AV_CODEC_ID_CDTOONS:     maxpixels  /= 1024;  break;
     case AV_CODEC_ID_CFHD:        maxpixels  /= 16384; break;

From patchwork Thu Aug 18 22:35:35 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 37357
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:139a:b0:8f:1db5:eae2 with SMTP id w26csp573190pzh;
        Thu, 18 Aug 2022 15:36:10 -0700 (PDT)
X-Google-Smtp-Source: 
 AA6agR7Ef63Qd++BRwlB3PJ+Upzl/MI6DRT2xHQeO022BQymzl70DgW6PP9fcRif+m3MWPnfpfSd
X-Received: by 2002:aa7:dd50:0:b0:440:3e9d:784 with SMTP id
 o16-20020aa7dd50000000b004403e9d0784mr3800276edw.195.1660862170044;
        Thu, 18 Aug 2022 15:36:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1660862170; cv=none;
        d=google.com; s=arc-20160816;
        b=WdSrdkdHLCdk7mbkrmqikdH+GhudvDaBXLcSh38zIKIUZw2UPvEl7Y77KiO304IiBv
         jfibMBUL/agzqaT/7ViIDW1HbCikZ1EaxT+oadZSjju9jYV/cbk/ltkeEAS26Kvx4U01
         t7+misqEkSn/J+OGBHNkTAHmmFRqnKuw+TUnyz52fUjeusTOSsO/g6OI7eNweVTN4K/i
         eoVA7yDikJMZxDcAq+aLPHlLCnCpZXAI7209SyH6YtAs0GdN9oGbYlKzZq0Ap7mGZ5Rr
         O6/QSo+D2LF1ydmwq3fpoxrHrFWYESWop7vCizsM4MjpjPpJjW78ftSkt5bjt58CUP1b
         awnw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:mime-version:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:references:in-reply-to:message-id:date
         :to:from:delivered-to;
        bh=zytvb0ULKN+NxRziahYy3q27DOAw6tMKBbs0g7w20OI=;
        b=lhzH/PdiOZGTR6kvYuXIemhgK0D5fgPjg6RqZ7V2xJ087xAxL2g66cYBF0bf9qTIvm
         ne/U6NEjVzPyeAnrOm3ok4gPF4kI95S+Jg93qDtxrNjnmq1xhLm0WujBzDNcNOqJiAv/
         t+atW2rVn3zgbn1kH0JXUjy4WnYLUordd7pxqrNQlEsglwG8AQ1CHKqBlzd5b7PJN+0l
         DcMJBikrds2CfLjwQ3JAusSXk/ZPL+k/ZPaQH6ZSsXdEqw8UjAdZ888p5dimbUVdJkXU
         tZ/A4WrQnb84oYBaqZ0wLNOZAz28UcM1IYzdXAtmBYrRSrkC4Q3/3OaNAGHydKPBdk2T
         6xtg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 d2-20020a50ea82000000b0043be28d93adsi1789599edo.261.2022.08.18.15.36.09;
        Thu, 18 Aug 2022 15:36:10 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 93FF268B986;
	Fri, 19 Aug 2022 01:35:47 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from vie01a-dmta-at01-2.mx.upcmail.net
 (vie01a-dmta-at01-2.mx.upcmail.net [62.179.121.146])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 6E51668B8EF
 for <ffmpeg-devel@ffmpeg.org>; Fri, 19 Aug 2022 01:35:38 +0300 (EEST)
Received: from [172.31.216.235] (helo=vie01a-pemc-psmtp-pe12.mail.upcmail.net)
 by vie01a-dmta-at01.mx.upcmail.net with esmtp (Exim 4.92)
 (envelope-from <michael@niedermayer.cc>) id 1oOo6z-005yPt-9J
 for ffmpeg-devel@ffmpeg.org; Fri, 19 Aug 2022 00:35:37 +0200
Received: from ren-mail-psmtp-mg02. ([80.109.253.241])
 by vie01a-pemc-psmtp-pe12.mail.upcmail.net with ESMTP
 id Oo6yoxtTm8s8UOo6zolzmp; Fri, 19 Aug 2022 00:35:37 +0200
Received: from localhost ([213.47.68.29]) by ren-mail-psmtp-mg02. with ESMTP
 id Oo6zox8158eSWOo6zony7o; Fri, 19 Aug 2022 00:35:37 +0200
X-Env-Mailfrom: michael@niedermayer.cc
X-Env-Rcptto: ffmpeg-devel@ffmpeg.org
X-SourceIP: 213.47.68.29
X-CNFS-Analysis: v=2.4 cv=KKE5sHJo c=1 sm=1 tr=0 ts=62febeb9
 a=2hcxjKEKjp0CzLx6oWAm4g==:117 a=2hcxjKEKjp0CzLx6oWAm4g==:17
 a=MKtGQD3n3ToA:10 a=1oJP67jkp3AA:10 a=GEAsPZ9sns4A:10 a=NEAV23lmAAAA:8
 a=zYVVvdDyoyOwFQBKpFYA:9
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Fri, 19 Aug 2022 00:35:35 +0200
Message-Id: <20220818223535.13078-4-michael@niedermayer.cc>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20220818223535.13078-1-michael@niedermayer.cc>
References: <20220818223535.13078-1-michael@niedermayer.cc>
X-CMAE-Envelope: 
 MS4wfNrlKKIuNjOqOxSwExg1paAz+K/HMROvtDXz85aSPLccGiRKyOo21KFKKPqpp4zachj6guYAPGlGyIyipUYLdnodjWUGjNSVx0ccSuS5r7gSj4Y4EcO0
 pp+sGaJnImY1pOEc9qiRom0DkMdFXs0LvkWz6O+VK+/nnbw3p53l1XrT/2WcnVAmt308x1sXv1r47Q==
Subject: [FFmpeg-devel] [PATCH 4/4] avcodec/speedhq: Check width
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: VACib2UcCWA5

Fixes: out of array access
Fixes: 50014/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-4748914632294400

Alternatively the buffer size can be increased

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/speedhq.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/speedhq.c b/libavcodec/speedhq.c
index c43de4f199..ffee5f973b 100644
--- a/libavcodec/speedhq.c
+++ b/libavcodec/speedhq.c
@@ -499,7 +499,7 @@ static int speedhq_decode_frame(AVCodecContext *avctx, AVFrame *frame,
     uint32_t second_field_offset;
     int ret;
 
-    if (buf_size < 4 || avctx->width < 8)
+    if (buf_size < 4 || avctx->width < 8 || avctx->width % 8 != 0)
         return AVERROR_INVALIDDATA;
 
     quality = buf[0];