From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id 3B0734DE73 for ; Sat, 7 Feb 2026 01:56:52 +0000 (UTC) Authentication-Results: ffbox; dkim=fail (body hash mismatch (got b'nfCTa1afY1pzmCoiDWw0UuoQ95W8RvXHnGIDwXuDU7g=', expected b'0+RI0rzISj8JFKmiwtI7inHtZ+LhAqSLOfVK89oE8Jo=')) header.d=ffmpeg.org header.i=@ffmpeg.org header.a=rsa-sha256 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1770429406; h=mime-version : to : date : message-id : reply-to : subject : list-id : list-archive : list-archive : list-help : list-owner : list-post : list-subscribe : list-unsubscribe : from : cc : content-type : content-transfer-encoding : from; bh=nfCTa1afY1pzmCoiDWw0UuoQ95W8RvXHnGIDwXuDU7g=; b=CteoTdaKQUu9Pb6ZVXj270S/JFLGAPDn32/Nybh3YNTtoY/S56hec4LBtbxll3tPZQH3N Uy2OPpcQuxaE2rDkD84rfclgNGGoFD0ZVB8wXzSqgnXfpHkP0k/9HvbVhm5Dc7a7ZvOIc4Q zHyPPhxFsGClX4TAmXbjhFbMaH/Jj9FEhqJ1Kv25LPkHFKFPXVh7FDaZs9uxLderjToYCbN ZStWX6aWs89VQQKmM4YVoE/NceOyP71CEMCh+JfbajchTfO43dUmKFGweK0CE1qfz5HGMYx hgEEPSF3ovZzM4AZxy4gmSuLIk4MeYQtiSRqR6sbzZLArKHXbkyU4O46DV+A== Received: from [172.20.0.4] (unknown [172.20.0.4]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 862466910AF; Sat, 7 Feb 2026 03:56:46 +0200 (EET) ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1770429387; b=Av2jWQeGBM/dHu+fDmJGDkHWMMdMUUt1yktytjM61HNKaGix+r9JWNPWd/sp4n0wNwIJ4 8we+vi2r3kAwPTHwRFW6KWp91l4LmJgilNlJtHjNjvm1wWRLfuyxviUvjMwTrsP6Hfr9umo iyYm8eJxI6wT5Vomg3xn+48Mg1pu9amqIoDhQcqn4NQIjjl5QKPTh0/uOGlC8kHXzruD5PZ VykesxF5anOQY7F7YrrX02pDp+OyCfIeZ+YsAXt8O4VeGjRxlS0sXiqYo8joyhTSCVK6dd0 F6ONHb7WBsV2Xtm1aiiO6yEcwru25sd1d6vJ3ofiOrBlC77QB79cSBShiW7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=ffmpeg.org; s=arc; t=1770429387; h=from : sender : reply-to : subject : date : message-id : to : cc : mime-version : content-type : content-transfer-encoding : content-id : content-description : resent-date : resent-from : resent-sender : resent-to : resent-cc : resent-message-id : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; bh=bd/lOLDhxENeRwrzr2eQIrUt6PnDglypvLI2MDKDf6Q=; b=ngrG3TeWKHsV7AZYXSee9nHmvfbossfYauvxfnHFlOBkYXZ0pqcU6zS7HkRLxH+K5tjkm xbrf5Nqzu6L+SohoUYWfcJijszfXzanz0bmOluuFa9P2CV6/ZJIaH0OxNwza/QHN4uD4KP4 4WweIpTzfQMuBu7ubtsmN69BCpChoOX7pWxpGtpMO5JNZ19jY+rEicfUIVu+iVbeE7B0NPU xOtwTL8XIfca2d5aENvtDFyBLEbS/iDfpIAa/txkK5lXtlfMpkTRuBYt4YN+4/KmKyIQ6oP W9/sf3YJRAja29m5NgvtiuHljbg81BnO+J1g8YoaTa+sDwSPmELK9m+ie8cg== ARC-Authentication-Results: i=1; ffmpeg.org; dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org; arc=none; dmarc=pass header.from=ffmpeg.org policy.dmarc=quarantine Authentication-Results: ffmpeg.org; dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org; arc=none (Message is not ARC signed); dmarc=pass (Used From Domain Record) header.from=ffmpeg.org policy.dmarc=quarantine DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1770429380; h=content-type : mime-version : content-transfer-encoding : from : to : reply-to : subject : date : from; bh=0+RI0rzISj8JFKmiwtI7inHtZ+LhAqSLOfVK89oE8Jo=; b=3zXhOECCv7B6ggATej7WyTsf17JfS16Zuz5gQ93XZMUrlBkffFl6QA0/TF7ZI1n/j872J Ke2WBYLhtBWdxWXYa13mdW+ZSyGaJeS9b8/FUoudGkpIHgdR3gc+6eXUUNAWCux588yod4Z VChgn/ngC7OYADpR80HYS4y+ZiWip/RfVnMzO4SDFH8DW/RYkc/ZT5RYyuIc2UDSlEKxo+g 2p0ivRWMeGtT23YRzaHdd4AOPWMzMHQD/2p6zM5MODK0zZssZlGafj5sQCb1b//gjVzxJIB cfZtrF2+Tb01tQA8xthnplk2Uyq/lQjzRrAt1kmNiIZy+lDTiKEAXTJq5OwQ== Received: from c8d966988b92 (code.ffmpeg.org [188.245.149.3]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 4E1F56910A0 for ; Sat, 7 Feb 2026 03:56:20 +0200 (EET) MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Date: Sat, 07 Feb 2026 01:56:19 -0000 Message-ID: <177042938043.25.16358797304658628604@4457048688e7> Message-ID-Hash: 3ROHJXJNZGE42T7PVWGCIYYWC6NDGSJB X-Message-ID-Hash: 3ROHJXJNZGE42T7PVWGCIYYWC6NDGSJB X-MailFrom: code@ffmpeg.org X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-ffmpeg-devel.ffmpeg.org-0; header-match-ffmpeg-devel.ffmpeg.org-1; header-match-ffmpeg-devel.ffmpeg.org-2; header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation X-Mailman-Version: 3.3.10 Precedence: list Reply-To: FFmpeg development discussions and patches Subject: [FFmpeg-devel] [PR] avcodec/bmp: Move picture allocation after some checks (PR #21673) List-Id: FFmpeg development discussions and patches Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: michaelni via ffmpeg-devel Cc: michaelni Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Archived-At: List-Archive: List-Post: PR #21673 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21673 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21673.patch Fixes: Timeout Fixes: 479872424/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BMP_DEC_fuzzer-5311478919135232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg >>From 820ce6b5cdd2540e92d9e115197b316d93028dfb Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 7 Feb 2026 00:49:24 +0100 Subject: [PATCH 1/2] avcodec/bmp: fix indention Signed-off-by: Michael Niedermayer --- libavcodec/bmp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/bmp.c b/libavcodec/bmp.c index 360c103200..9e9f62d91e 100644 --- a/libavcodec/bmp.c +++ b/libavcodec/bmp.c @@ -129,7 +129,7 @@ static int bmp_decode_frame(AVCodecContext *avctx, AVFrame *p, rgb[1] = bytestream_get_le32(&buf); rgb[2] = bytestream_get_le32(&buf); if (ihsize > 40) - alpha = bytestream_get_le32(&buf); + alpha = bytestream_get_le32(&buf); } ret = ff_set_dimensions(avctx, width, height > 0 ? height : -(unsigned)height); -- 2.52.0 >>From a9cbf288d3fe30d70b886d30485468d66952919f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 7 Feb 2026 00:49:37 +0100 Subject: [PATCH 2/2] avcodec/bmp: Move picture allocation after some checks Fixes: Timeout Fixes: 479872424/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BMP_DEC_fuzzer-5311478919135232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavcodec/bmp.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/libavcodec/bmp.c b/libavcodec/bmp.c index 9e9f62d91e..db5d704057 100644 --- a/libavcodec/bmp.c +++ b/libavcodec/bmp.c @@ -207,9 +207,6 @@ static int bmp_decode_frame(AVCodecContext *avctx, AVFrame *p, return AVERROR_INVALIDDATA; } - if ((ret = ff_get_buffer(avctx, p, 0)) < 0) - return ret; - buf = buf0 + hsize; dsize = buf_size - hsize; @@ -225,6 +222,8 @@ static int bmp_decode_frame(AVCodecContext *avctx, AVFrame *p, } av_log(avctx, AV_LOG_ERROR, "data size too small, assuming missing line alignment\n"); } + if ((ret = ff_get_buffer(avctx, p, 0)) < 0) + return ret; // RLE may skip decoding some picture areas, so blank picture before decoding if (comp == BMP_RLE4 || comp == BMP_RLE8) -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org