From patchwork Thu Nov  2 23:50:13 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 44483
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:671c:b0:181:818d:5e7f with SMTP id q28csp218797pzh;
        Thu, 2 Nov 2023 16:50:29 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IFEqaMYfsPFvgp4EQfo5Xbb4Vu0I/zmnRIZfaqBYaSSn0vWiHzW+phHQ3XauJmtgQXhbgi1
X-Received: by 2002:a17:907:7b99:b0:9be:30c2:b8fd with SMTP id
 ne25-20020a1709077b9900b009be30c2b8fdmr6430041ejc.66.1698969029007;
        Thu, 02 Nov 2023 16:50:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1698969028; cv=none;
        d=google.com; s=arc-20160816;
        b=OThzfLkdb6ZEj5w4Ayup6YpKx33RVwNX4RfD89ptJaygnP/fHUUulrnov9SdJBMlxv
         XTGf+MijpZEIY4gf2GvQYz/4FVByXTCYjvCAHGJCFuXAWztG/HOhFEvdZEZEv5P3Irny
         +IBoUbaFAikvD1vmioVfXKOIpWqRnKWA+REvaixtQwlBIZMI1ISAQp9d/uFmMye2LY21
         DQLjtmnkiAz1vWULGYDQA5Uwh7pRAlZckVbjGi1nHodTDh8IxlSg9y3YaNoppvPT0Y+8
         tUqDg7naxnl3/8nlAjz6XhqDdTdni1IoSSdT9qCjU38d7Ag/Z/9weichREn4yL9vPif5
         pRfQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:mime-version:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:message-id:date:to:from:delivered-to;
        bh=X8kPsm6838ij1TEkF72+OZizcfb5XGwi1ELx31sCISY=;
        fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=;
        b=QywRvjhIAE4TC+pdlSoBiHXZIBB6uFFZiJdA4TaOB3pMwCmgt9T9wSGJbAsYG1j9FK
         tZ3UVdiyTOEi2MdWjgI+fXWcDPXBmga8ycCNQnTNDzn2g0xeo7sj/qP2WfkBRLS+21dv
         tA0GACkrIpHK/bh5AdeclfUyUQKJONr2DbDOFVsx+XU1cKOLJK1QIalQTmG0ZhI+YUpe
         ewj+PUXlQ5ruG6T0JNz57NCHf4qRmmBKYixalIlDIlTCp+d8wgtXufDIQH7vBrqEBHt5
         J6PsX6vb8HKc45cWdOG92aQPU+LGzEOKs629AtMOw8FmHieH0r02hblQgnh0RZiy51R1
         sR9w==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 dn7-20020a17090794c700b009db67b793c4si286306ejc.371.2023.11.02.16.50.27;
        Thu, 02 Nov 2023 16:50:28 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 1D50068CCDD;
	Fri,  3 Nov 2023 01:50:24 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay1-d.mail.gandi.net (relay1-d.mail.gandi.net
 [217.70.183.193])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 2C74D68CB89
 for <ffmpeg-devel@ffmpeg.org>; Fri,  3 Nov 2023 01:50:18 +0200 (EET)
Received: by mail.gandi.net (Postfix) with ESMTPSA id 5423B240003
 for <ffmpeg-devel@ffmpeg.org>; Thu,  2 Nov 2023 23:50:17 +0000 (UTC)
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Fri,  3 Nov 2023 00:50:13 +0100
Message-Id: <20231102235016.3935-1-michael@niedermayer.cc>
X-Mailer: git-send-email 2.17.1
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 1/4] avfilter/framesync: cuddle () closer
 around =
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: HrbAHxGASb2d

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavfilter/framesync.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavfilter/framesync.c b/libavfilter/framesync.c
index c748262ba6a..6cb4b21fed8 100644
--- a/libavfilter/framesync.c
+++ b/libavfilter/framesync.c
@@ -288,7 +288,7 @@ int ff_framesync_get_frame(FFFrameSync *fs, unsigned in, AVFrame **rframe,
         if (need_copy) {
             if (!(frame = av_frame_clone(frame)))
                 return AVERROR(ENOMEM);
-            if ((ret = ff_inlink_make_frame_writable(fs->parent->inputs[in], &frame) < 0)) {
+            if ((ret = ff_inlink_make_frame_writable(fs->parent->inputs[in], &frame)) < 0) {
                 av_frame_free(&frame);
                 return ret;
             }

From patchwork Thu Nov  2 23:50:14 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 44484
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:671c:b0:181:818d:5e7f with SMTP id q28csp218835pzh;
        Thu, 2 Nov 2023 16:50:38 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IE8HgDUKZVKltuXwyX/tqa/ibWAjCNFWtd8MKDBqeMkoxI7AXk4ub58tOuhQFqiliLMJFdj
X-Received: by 2002:a17:906:b49:b0:9ae:50ec:bd81 with SMTP id
 v9-20020a1709060b4900b009ae50ecbd81mr864529ejg.21.1698969038435;
        Thu, 02 Nov 2023 16:50:38 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1698969038; cv=none;
        d=google.com; s=arc-20160816;
        b=QuwkXyJqKC1wpoeh2BnIPh7Y9vqaUtHubrr9ivm4/hUiBuB1PUN16KgzDdNl68+2ra
         9vmm+IiDFvw18A+wcU43cirrHygT5IznRqfiEjNL6LWMtE2KWsLh78urmaXZtVurhiRQ
         dGnSVHFsWiid7srmrLqAKTpBwgzwkcO+HiwSsVi9FD+gVnbCAe5XUn4F9YBdY1ODizrn
         ghorb1B1E7HCweL42XO/age5UYZRTKRrnj9voqBwQ9y+RP8xuucru8ltsSxePrXOQSsQ
         szgJQxsOs8qDYoYUxJnlHuDV5FEvOS63ZtkRkQGr/0PEZmqicJ1ksjLrkyQ1D20eHORF
         PPqQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:mime-version:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:references:in-reply-to:message-id:date
         :to:from:delivered-to;
        bh=YYcVddb+MRYY+YTCvNRURsxbg79A+45WwI6kf42Y2ho=;
        fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=;
        b=AqY4aKd1Tx9p/Q7g5l7/4a/tlDhBGPpIw0HRT+gHG57Pi9jCkrA91c9D8TatiQi2Fr
         Up6PqalcyyuKnHB60MnXQuXq81nYhEEe1Kr8cWA9uHY3SnzvInEEuLybN6usRCo1K1i2
         3upIw5C2hOSYXpYNVs7ZkKDhR3iJ94RkkvjBmO7l0vGgUE9G1SWrcxSVL+Sr5JBmXOvl
         dZzBaA7U1lOMBg1k1g/yIKx4LKOcZgPwnp6EDmpiIf4P30OuTm7CA2ITOOZ99A0Zno7A
         WE1GMCVsed1y8TJHZEXAOtM9ltZQdZDxLp/DxEFRwuXeKeYN9QS+JdYCUACVj+k75rYH
         Sekg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 sa26-20020a1709076d1a00b009d3b7444e83si281096ejc.988.2023.11.02.16.50.38;
        Thu, 02 Nov 2023 16:50:38 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 6697A68CCE8;
	Fri,  3 Nov 2023 01:50:25 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay4-d.mail.gandi.net (relay4-d.mail.gandi.net
 [217.70.183.196])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id EB4F068CCDC
 for <ffmpeg-devel@ffmpeg.org>; Fri,  3 Nov 2023 01:50:18 +0200 (EET)
Received: by mail.gandi.net (Postfix) with ESMTPSA id 2CACDE0009
 for <ffmpeg-devel@ffmpeg.org>; Thu,  2 Nov 2023 23:50:18 +0000 (UTC)
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Fri,  3 Nov 2023 00:50:14 +0100
Message-Id: <20231102235016.3935-2-michael@niedermayer.cc>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20231102235016.3935-1-michael@niedermayer.cc>
References: <20231102235016.3935-1-michael@niedermayer.cc>
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 2/4] avfilter/buffersink: cuddle () closer
 around =
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: hJ/DWI6UM0ZB

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavfilter/buffersink.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavfilter/buffersink.c b/libavfilter/buffersink.c
index 9426ded7ee3..ca2af1bc077 100644
--- a/libavfilter/buffersink.c
+++ b/libavfilter/buffersink.c
@@ -293,7 +293,7 @@ static int asink_query_formats(AVFilterContext *ctx)
         cleanup_redundant_layouts(ctx);
         for (i = 0; i < NB_ITEMS(buf->channel_layouts); i++)
             if ((ret = av_channel_layout_from_mask(&layout, buf->channel_layouts[i])) < 0 ||
-                (ret = ff_add_channel_layout(&layouts, &layout) < 0))
+                (ret = ff_add_channel_layout(&layouts, &layout)) < 0)
                 return ret;
         for (i = 0; i < NB_ITEMS(buf->channel_counts); i++) {
             layout = FF_COUNT2LAYOUT(buf->channel_counts[i]);

From patchwork Thu Nov  2 23:50:15 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 44485
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:671c:b0:181:818d:5e7f with SMTP id q28csp218890pzh;
        Thu, 2 Nov 2023 16:50:46 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IHsE7ilRdObEBjdT1lU1OixocYBEH51Jr3m7Glnx02ITJB3sdpGXlasBeFYY1G2WEF72ZFM
X-Received: by 2002:a17:906:c02:b0:9c5:7f5d:42dc with SMTP id
 s2-20020a1709060c0200b009c57f5d42dcmr829721ejf.33.1698969046696;
        Thu, 02 Nov 2023 16:50:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1698969046; cv=none;
        d=google.com; s=arc-20160816;
        b=RKKz89ZPMR1ncE3h8aUjpY8mKwtV5czvO01lyxmYlpYanhhGTS4eaUq09NlM/NKUgD
         g4uq+HIDIU4NOoyqppHHWyS26nncuELxPNCA+L2cuAskeQ4zkL8fpO2+Xr+LXm25ej0C
         veoeIMPXszNZAK410G4Te5K8glwigiHj+zM0RXA5FziQnyoWEP4hR0PzXabttevdSNXF
         nCbU8Kd7dhYgTkK6C6UEhis5hK4gHVImuvPz/dNYzyMZQd3znny8Q7oJEEpSpiHwj2vg
         Jv3tCXfac7LBfsrCC8qqhrixMJlPj4z/hZyDjHGl5jXYA7K0itc/CP8bhZ756mEQWITg
         z5Lw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:mime-version:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:references:in-reply-to:message-id:date
         :to:from:delivered-to;
        bh=7A9myof2AKltED1PPKicbGwNsUehimIkA+TpT5h+akk=;
        fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=;
        b=vkA2ZuC4oIXBVY3uhl5o1gvRJMuS48cAJanlSfi18JeA/XoD4OZqja4DmQikGTJmph
         rqPcMHG2JhdaNpfO7It1rb/WQCmSG1io0sO2ZVZqbhP2iqVvEd2jjk+XafOGeFl0Hyvi
         xg+Hh+jxd7KlilF2bFjTGv7hi1JWEyXixw783/tuu/y5Pr5UI7ZYXD9lVtxCNTf8WLfk
         6qRooe6c+xpr85iDK7tw8fINyCuf3Uccm+BTzvParwnL7KjNMWLH6Pmfath7FoPuLsXo
         TjDgRA21HE630KeO3EAcbV24umNGV+HFkITN2XLz+BXMbvIrZskdCVhr1LEUraIkKyv3
         L7BQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 j14-20020a170906104e00b009d37ae5b894si301912ejj.643.2023.11.02.16.50.46;
        Thu, 02 Nov 2023 16:50:46 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 8FD9D68CCED;
	Fri,  3 Nov 2023 01:50:26 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay1-d.mail.gandi.net (relay1-d.mail.gandi.net
 [217.70.183.193])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 74C1068C1E2
 for <ffmpeg-devel@ffmpeg.org>; Fri,  3 Nov 2023 01:50:19 +0200 (EET)
Received: by mail.gandi.net (Postfix) with ESMTPSA id D1E69240005
 for <ffmpeg-devel@ffmpeg.org>; Thu,  2 Nov 2023 23:50:18 +0000 (UTC)
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Fri,  3 Nov 2023 00:50:15 +0100
Message-Id: <20231102235016.3935-3-michael@niedermayer.cc>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20231102235016.3935-1-michael@niedermayer.cc>
References: <20231102235016.3935-1-michael@niedermayer.cc>
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 3/4] avcodec/flicvideo: consider width in
 copy loops
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: invGc5wh5c9w

Fixes: out of array write
Fixes: 63520/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-4876198087622656
Regression since: c7f8d42c12582b0626ea38117df6c9aea9fcf5b1 (was not posted to ffmpeg-devel)

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/flicvideo.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavcodec/flicvideo.c b/libavcodec/flicvideo.c
index 6ce033ba409..43f3f83bf65 100644
--- a/libavcodec/flicvideo.c
+++ b/libavcodec/flicvideo.c
@@ -642,7 +642,7 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
                        "has incorrect size, skipping chunk\n", chunk_size - 6);
                 bytestream2_skip(&g2, chunk_size - 6);
             } else {
-                for (y_ptr = 0; check_pixel_ptr(y_ptr, 0, pixel_limit, direction) == 0;
+                for (y_ptr = 0; check_pixel_ptr(y_ptr, s->avctx->width, pixel_limit, direction) == 0;
                      y_ptr += s->frame->linesize[0]) {
                     bytestream2_get_buffer(&g2, &pixels[y_ptr],
                                            s->avctx->width);
@@ -949,7 +949,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
 
                 if (bytestream2_get_bytes_left(&g2) < 2 * s->avctx->width * s->avctx->height )
                     return AVERROR_INVALIDDATA;
-                for (y_ptr = 0; check_pixel_ptr(y_ptr, 0, pixel_limit, direction) == 0;
+                for (y_ptr = 0; check_pixel_ptr(y_ptr, 2*s->avctx->width, pixel_limit, direction) == 0;
                      y_ptr += s->frame->linesize[0]) {
 
                     pixel_countdown = s->avctx->width;
@@ -1235,7 +1235,7 @@ static int flic_decode_frame_24BPP(AVCodecContext *avctx,
                        "bigger than image, skipping chunk\n", chunk_size - 6);
                 bytestream2_skip(&g2, chunk_size - 6);
             } else {
-                for (y_ptr = 0; check_pixel_ptr(y_ptr, 0, pixel_limit, direction) == 0;
+                for (y_ptr = 0; check_pixel_ptr(y_ptr, 3*s->avctx->width, pixel_limit, direction) == 0;
                      y_ptr += s->frame->linesize[0]) {
 
                     bytestream2_get_buffer(&g2, pixels + y_ptr, 3*s->avctx->width);

From patchwork Thu Nov  2 23:50:16 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 44486
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:671c:b0:181:818d:5e7f with SMTP id q28csp218943pzh;
        Thu, 2 Nov 2023 16:50:54 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IHBBltk3sHNR1OIeMcRQvyAw5fp2rrKYJW8MgW5pvSxe12qNadmnYnt50vd5xX66cBzoJ3j
X-Received: by 2002:a17:907:31c3:b0:9be:ef46:6b9d with SMTP id
 xf3-20020a17090731c300b009beef466b9dmr5848510ejb.29.1698969054645;
        Thu, 02 Nov 2023 16:50:54 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1698969054; cv=none;
        d=google.com; s=arc-20160816;
        b=AsOlRGMbT16rga3R74TsNaPue5nL4S5V6fKkquetvKSVWRz8V6J7PPpT185HvSsDoo
         mEO+OA6ygMZbtAHvAw73PhmaWPvOEAvusJPg13zaQuwWQhkHgxqvmuQYd/CSjGgDoLvB
         +JUJdx142yY4QL/WZYkUTCJ7KR+YGTIk6syI6JNSqd3IMBeNdpt3p4/acZBz7F2ZdYzS
         V/nmsHCaoOWtMACzUdGxMkJ059wpi7C6K0B+23xTf/lWULgRebW8LM/qJU0Rs9zD4iNF
         FeqJmAuqWbyXtlQm1SjM+Zyovaiyfq9wpoWFYWuUa1A04BsuR//LluynTAkyh+Q+1yqX
         shOA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:mime-version:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:references:in-reply-to:message-id:date
         :to:from:delivered-to;
        bh=5Svnrc2NNVH/1XcH3xdis7xcFABgMEPIKPKgvu7kK78=;
        fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=;
        b=W0Q17j2fVsrtD7ohF7WUK56Bkk8eu5455fjxoVI1D26QnOFPKX3eEXU8Nytt+JAndI
         1Yhq+L2ekS/LsMdrwW4VEIr2d47HRNRggpVYD+3TlhIMb75KuKAlL39DPW5JFzBDRLYh
         WA5GdNzr6VCLdL02o4SFBLgIR1bs10ziEWGJz5UDU++t5d1C2dp3Bawg3ajzfp4SD8oc
         hnv+Excd/KxvwtFHqD3+i9bCqxhuyI6es7mFZeYutpw2CBYucWSB0ydznYM6cWeEygx4
         jSHTmRbM4snw07yI6NVrl//+SrQE+66yBGIMMXwIUhwGz1Yb3MVApiLRXi4n9TSJBJYt
         mbgw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 sh33-20020a1709076ea100b009bda75c1085si287811ejc.261.2023.11.02.16.50.54;
        Thu, 02 Nov 2023 16:50:54 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id BD8F168CCF3;
	Fri,  3 Nov 2023 01:50:28 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay9-d.mail.gandi.net (relay9-d.mail.gandi.net
 [217.70.183.199])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 73FCD68CCE9
 for <ffmpeg-devel@ffmpeg.org>; Fri,  3 Nov 2023 01:50:20 +0200 (EET)
Received: by mail.gandi.net (Postfix) with ESMTPSA id A5488FF806
 for <ffmpeg-devel@ffmpeg.org>; Thu,  2 Nov 2023 23:50:19 +0000 (UTC)
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Fri,  3 Nov 2023 00:50:16 +0100
Message-Id: <20231102235016.3935-4-michael@niedermayer.cc>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20231102235016.3935-1-michael@niedermayer.cc>
References: <20231102235016.3935-1-michael@niedermayer.cc>
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 4/4] avformat/lafdec: Check for 0 parameters
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: X9iBGdS/e1wq

Fixes: Timeout
Fixes: 63661/clusterfuzz-testcase-minimized-ffmpeg_dem_LAF_fuzzer-6615365234589696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/lafdec.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c
index 59a59dcfe9c..b867f106aee 100644
--- a/libavformat/lafdec.c
+++ b/libavformat/lafdec.c
@@ -139,7 +139,9 @@ static int laf_read_header(AVFormatContext *ctx)
     s->index = 0;
     s->stored_index = 0;
     s->bpp = bpp;
-    if ((int64_t)bpp * st_count * (int64_t)sample_rate >= INT32_MAX)
+    if ((int64_t)bpp * st_count * (int64_t)sample_rate >= INT32_MAX ||
+        (int64_t)bpp * st_count * (int64_t)sample_rate == 0
+    )
         return AVERROR_INVALIDDATA;
     s->data = av_calloc(st_count * sample_rate, bpp);
     if (!s->data)