From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 22 Oct 2023 02:35:15 +0200
Message-Id: <20231022003520.17154-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 1/6] avformat/mov: Check that is_still_picture_avif has no trak based streams

Fixes: Assertion failure in mov_read_iloc( in mov_read_iloc())
Fixes: 62866/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5282997370486784
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavformat/mov.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index 2f29487beb8..e8efccf6ebf 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c
@@ -4628,6 +4628,10 @@ static int mov_read_trak(MOVContext *c, AVIOContext *pb, MOVAtom atom) MOVStreamContext *sc; int ret; + if (c->is_still_picture_avif) { + return AVERROR_INVALIDDATA; + } + st = avformat_new_stream(c->fc, NULL); if (!st) return AVERROR(ENOMEM); st->id = -1;
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 22 Oct 2023 02:35:16 +0200
Message-Id: <20231022003520.17154-2-michael@niedermayer.cc>
In-Reply-To: <20231022003520.17154-1-michael@niedermayer.cc>
References: <20231022003520.17154-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 2/6] avcodec/cbs: Do not assert on traces beyond 255 bits

Fixes: Assertion length < 256 failed at libavcodec/cbs.c:517
Fixes: 62673/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-6490971837431808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavcodec/cbs.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/cbs.c b/libavcodec/cbs.c index cdd7adebebd..2f5d0334a2a 100644 --- a/libavcodec/cbs.c +++ b/libavcodec/cbs.c
@@ -514,6 +514,11 @@ void ff_cbs_trace_read_log(void *trace_context, position = get_bits_count(gbc); + if (length >= 256) { + av_log(ctx->log_ctx, ctx->trace_level, "trace of %d bits truncated at 255\n", length); + length = 255; + } + av_assert0(length < 256); for (i = 0; i < length; i++) bits[i] = get_bits1(gbc) ? '1' : '0';
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 22 Oct 2023 02:35:17 +0200
Message-Id: <20231022003520.17154-3-michael@niedermayer.cc>
In-Reply-To: <20231022003520.17154-1-michael@niedermayer.cc>
References: <20231022003520.17154-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 3/6] avcodec/apedec: Fix integer overflow in predictor_decode_stereo_3950()

Fixes: signed integer overflow: 1900031961 + 553590817 cannot be represented in type 'int'
Fixes: 63061/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5166188298371072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavcodec/apedec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index 8bfbb75b41e..d31c0671520 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c
@@ -1284,7 +1284,7 @@ static void predictor_decode_stereo_3950(APEContext *ctx, int count) *decoded1++ = a1; if (num_passes > 1) { int32_t left = a1 - (unsigned)(a0 / 2); - int32_t right = left + a0; + int32_t right = left + (unsigned)a0; if (FFMAX(FFABS(left), FFABS(right)) > (1<<23)) { ctx->interim_mode = !interim_mode;
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 22 Oct 2023 02:35:18 +0200
Message-Id: <20231022003520.17154-4-michael@niedermayer.cc>
In-Reply-To: <20231022003520.17154-1-michael@niedermayer.cc>
References: <20231022003520.17154-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 4/6] avcodec/dovi_rpu: Use 64 bit in get_us/se_coeff()

Fixes: shift exponent 32 is too large for 32-bit type 'int'
Fixes: 63151/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5067531154751488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavcodec/dovi_rpu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/dovi_rpu.c b/libavcodec/dovi_rpu.c index f6485256c45..a6b23f4dd11 100644 --- a/libavcodec/dovi_rpu.c +++ b/libavcodec/dovi_rpu.c @@ -149,7 +149,7 @@ static inline uint64_t get_ue_coef(GetBitContext *gb, const AVDOVIRpuDataHeader case RPU_COEFF_FLOAT: fpart.u32 = get_bits_long(gb, 32); - return fpart.f32 * (1 << hdr->coef_log2_denom); + return fpart.f32 * (1LL << hdr->coef_log2_denom); } return 0; /* unreachable */
@@ -168,7 +168,7 @@ static inline int64_t get_se_coef(GetBitContext *gb, const AVDOVIRpuDataHeader * case RPU_COEFF_FLOAT: fpart.u32 = get_bits_long(gb, 32); - return fpart.f32 * (1 << hdr->coef_log2_denom); + return fpart.f32 * (1LL << hdr->coef_log2_denom); } return 0; /* unreachable */
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 22 Oct 2023 02:35:19 +0200
Message-Id: <20231022003520.17154-5-michael@niedermayer.cc>
In-Reply-To: <20231022003520.17154-1-michael@niedermayer.cc>
References: <20231022003520.17154-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 5/6] avutil/tx_template: fix integer overflow in fft3()

Fixes: signed integer overflow: -1028966111 + -1314089526 cannot be represented in type 'int'
Fixes: 63174/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5853273711837184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavutil/tx_template.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libavutil/tx_template.c b/libavutil/tx_template.c index 8dc3d2519c1..a2c27465cbc 100644 --- a/libavutil/tx_template.c +++ b/libavutil/tx_template.c @@ -185,10 +185,9 @@ static av_always_inline void fft3(TXComplex *out, TXComplex *in, BF(tmp[1].re, tmp[2].im, in[1].im, in[2].im); BF(tmp[1].im, tmp[2].re, in[1].re, in[2].re); - out[0*stride].re = tmp[0].re + tmp[2].re; - out[0*stride].im = tmp[0].im + tmp[2].im; - #ifdef TX_INT32 + out[0*stride].re = (int64_t)tmp[0].re + tmp[2].re; + out[0*stride].im = (int64_t)tmp[0].im + tmp[2].im; mtmp[0] = (int64_t)tab[ 8] * tmp[1].re; mtmp[1] = (int64_t)tab[ 9] * tmp[1].im; mtmp[2] = (int64_t)tab[10] * tmp[2].re;
@@ -198,6 +197,8 @@ static av_always_inline void fft3(TXComplex *out, TXComplex *in, out[2*stride].re = tmp[0].re - (mtmp[2] - mtmp[0] + 0x40000000 >> 31); out[2*stride].im = tmp[0].im - (mtmp[3] + mtmp[1] + 0x40000000 >> 31); #else + out[0*stride].re = tmp[0].re + tmp[2].re; + out[0*stride].im = tmp[0].im + tmp[2].im; tmp[1].re = tab[ 8] * tmp[1].re; tmp[1].im = tab[ 9] * tmp[1].im; tmp[2].re = tab[10] * tmp[2].re;
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 22 Oct 2023 02:35:20 +0200
Message-Id: <20231022003520.17154-6-michael@niedermayer.cc>
In-Reply-To: <20231022003520.17154-1-michael@niedermayer.cc>
References: <20231022003520.17154-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 6/6] tools/target_dec_fuzzer: Adjust threshold for CSCD

Fixes: Timeout
Fixes: 63362/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CSCD_fuzzer-4694620065628160
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- tools/target_dec_fuzzer.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c index 798fc0b3f2a..27e7398089a 100644 --- a/tools/target_dec_fuzzer.c +++ b/tools/target_dec_fuzzer.c @@ -221,6 +221,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { case AV_CODEC_ID_CFHD: maxpixels /= 16384; break; case AV_CODEC_ID_CINEPAK: maxpixels /= 128; break; case AV_CODEC_ID_COOK: maxsamples /= 1<<20; break; + case AV_CODEC_ID_CSCD: maxpixels /= 1024; break; case AV_CODEC_ID_DFA: maxpixels /= 1024; break; case AV_CODEC_ID_DIRAC: maxpixels /= 8192; break; case AV_CODEC_ID_DSICINVIDEO: maxpixels /= 1024; break;
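
Review bot: In PATCH 1/6 (libavformat/mov.c, mov_read_trak), the new `if (c->is_still_picture_avif)` early return rejects the file without logging anything, so the caller sees only AVERROR_INVALIDDATA with no hint that a trak box inside a still-picture AVIF was the cause. Add an av_log() on c->fc at error level before the return. The braces around the single return also differ from the unbraced `if (!st) return AVERROR(ENOMEM);` a few lines below. Since the check depends on the flag already being set when the trak atom is read, please confirm that a trak appearing before whatever sets is_still_picture_avif cannot still reach the assertion in mov_read_iloc().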
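
Review bot: In PATCH 2/6 (libavcodec/cbs.c, ff_cbs_trace_read_log), the `av_assert0(length < 256)` kept directly after the new clamp can no longer fire, because length is forced to 255 whenever it was 256 or more; drop it or mark it as documentation only. Clamping `length` in place also means the loop that follows pulls only 255 bits through get_bits1(gbc), so anything later in the function that uses length or the reader position sees the truncated value; a separate local for the number of bits printed would keep the original length intact. If 255 and 256 are tied to the size of the `bits` buffer, deriving them from that size would be clearer than repeating the literals.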
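
Review bot: In PATCH 3/6 (libavcodec/apedec.c, predictor_decode_stereo_3950), the cast makes `left + (unsigned)a0` wrap instead of overflow, but the wrapped result is stored in `int32_t right` and handed to FFABS(right) on the next line; if it wraps to INT32_MIN, the negation inside FFABS is itself a signed overflow. Consider doing the range check in unsigned or 64-bit arithmetic (FFABSU would fit) so the `> (1<<23)` comparison is well defined for every input, not only for the fuzzer testcase quoted in the commit message.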
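
Review bot: In PATCH 4/6 (libavcodec/dovi_rpu.c), first hunk, `1LL << hdr->coef_log2_denom` in get_ue_coef fixes a shift by 32 but is still undefined for a shift count of 63 or more, and the visible lines do not show coef_log2_denom being range checked. Either validate it where the header is parsed or state the guaranteed range in a comment next to the shift; the same applies to the identical line in get_se_coef.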
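
Review bot: In PATCH 4/6, second hunk (get_se_coef), `fpart.u32` is filled from 32 raw bits, so `fpart.f32` can be NaN, infinite or very large, and converting the product to the int64_t return type is undefined when the value does not fit; in get_ue_coef the uint64_t return has the same problem for negative values. A finite and range check before the return would close that. The subject line also says get_us/se_coeff() while the functions named in the hunk headers are get_ue_coef and get_se_coef.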
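
Review bot: In PATCH 5/6 (libavutil/tx_template.c, fft3), the `(int64_t)` cast under TX_INT32 makes the addition itself defined, but the 64-bit sum is stored straight into out[0*stride].re and out[0*stride].im; if those fields are 32 bit in this build, as the reported overflow in type 'int' suggests, the value is narrowed on assignment and the result still wraps. If wrapping is the intended behaviour, say so in a comment or use an unsigned addition as in PATCH 3/6 of this series; if it is not, the output needs clamping or scaling rather than a wider intermediate.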
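
Review bot: In PATCH 6/6 (tools/target_dec_fuzzer.c), the new `case AV_CODEC_ID_CSCD: maxpixels /= 1024; break;` gives no basis for the divisor, and the commit message says only "Fixes: Timeout". A short note on how 1024 was chosen (for example the run time of the testcase before and after) would help the next time this table is tuned, and it is worth stating whether the slow path in the decoder itself was looked at before lowering the fuzzer limit.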