From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id 325B24F359
	for <ffmpegdev@gitmailbox.com>; Sun, 22 Feb 2026 18:33:15 +0000 (UTC)
Authentication-Results: ffbox; dkim=fail (body hash mismatch (got 
   b'e2Y6tfGlKpW78D5PSYNn+tulEfXvqTFG6tiZlYxMTEw=', expected 
   b'XGOJ4uKz3hLKiv00eAnukLjyQCN+yGeHI2/Fi4qFJD0=')) header.d=ffmpeg.org 
   header.i=@ffmpeg.org header.a=rsa-sha256
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1771776316; h=mime-version : to :
 date : message-id : reply-to : subject : list-id : list-archive :
 list-archive : list-help : list-owner : list-post : list-subscribe :
 list-unsubscribe : from : cc : content-type :
 content-transfer-encoding : from;
 bh=e2Y6tfGlKpW78D5PSYNn+tulEfXvqTFG6tiZlYxMTEw=;
 b=ozI8rOgpr3UEmEtsXT3QNcJ2Y2+ho4suvjsTJBQP+2XS9LC+NoTK22EzNCtEReqIjvz1k
 b+YSCIHVO+QijL8aM0GeFtgcpoYlV7//18WyPOfr1yaJSisPEulOafzIWd1EF/qRngH4R2o
 Vfdihwpl+4D+6JECPe/6cbzHUtLv02djbH3vx/agdEAsjdGq2W+3IsRBWqU4coJE8Q+/8by
 McCIRhLcvIPU8fIuTBL5yDTLcN+tdFxT7EERvOC5l8nevbPHkVSXAbQrgh5PgmQhHGQBxV3
 op5F/fnEjVTxHiWZSpoH5QVJhlCuY/Qt97rMTUfLTAbt+EM+R4HoqWf2Ua5w==
Received: from [172.18.0.3] (unknown [172.18.0.3])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id AFE35691228;
	Sun, 22 Feb 2026 18:05:16 +0200 (EET)
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1771776309;
 b=mrptXarM9bH6+O2xxcHtIHUimF6/B/lARnQnEus6le2sBSpNra8VdW3ibh0VL7la2AQVd
 bheAmbD8jL03SknGfXZtLZRKstS02fmXAPOgktvYMCAz5ukrJEmgL909tQM8gCigqwXoh6D
 BpCcKgrNBFmdRVcjTy+1mAvnFftfhFOSdFzqRe0VkAYcqYP116Ff3UmvwrP1icaEZsMI7dc
 pD7MTORVHSvHh/Zb5TAf6xyAfofg2uPFnX4KJ1pLZZvRq3bRP9zZutDZSv704XDHzDhLoR4
 frGPIPd9KYviX3hr7TzFYAcu3+a/zR8B/wbD5LKMP6mbTtHvP2dnwglPszmQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=ffmpeg.org; s=arc; t=1771776309; h=from : sender : reply-to :
 subject : date : message-id : to : cc : mime-version : content-type :
 content-transfer-encoding : content-id : content-description :
 resent-date : resent-from : resent-sender : resent-to : resent-cc :
 resent-message-id : in-reply-to : references : list-id : list-help :
 list-unsubscribe : list-subscribe : list-post : list-owner :
 list-archive; bh=m9gkXGzdGspdfoEcfGzV9yiR6/10asla6nSSqLsRAWk=;
 b=evyvhkd3QN4qn3JFKjzf2n7DZp5YDDpmySH9Ig9hl/oAO2KrNyPew9CNZsl8b/0nptosq
 joD+UtyqqjzdDmy18J0hjxt/iOqyGwuiKsBdAk7WV9pTeEr+KhhW6ksRDmrqPMaDTPG3cEM
 5HkyiS9d48DB6l//VWF9VVCOPVr8k4PCWbYpnCnBDOHehWkZcKtUhD34bcIzTSvQIQhK3im
 97iHAKeCF4WLRqU5TEiGv75zmG6KOARILCxxBtahKMCe522bjQf9wPyd7txQgDcs2qkwICG
 Ry2lQ+O4C0lKyd7n1d9oWr8Vxul3F+8dro/C8GKgmvwFu/5p15cAC6WIxKfA==
ARC-Authentication-Results: i=1; ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none;
 dmarc=pass header.from=ffmpeg.org policy.dmarc=quarantine
Authentication-Results: ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none (Message is not ARC signed);
 dmarc=pass (Used From Domain Record) header.from=ffmpeg.org
 policy.dmarc=quarantine
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1771776302; h=content-type :
 mime-version : content-transfer-encoding : from : to : reply-to :
 subject : date : from;
 bh=XGOJ4uKz3hLKiv00eAnukLjyQCN+yGeHI2/Fi4qFJD0=;
 b=orj2G8xNJpyUe63jrQkV90c4gGw1WFNwtqzBnhJAWH9i/5RSwnH/Zchd9ponp2q4KzJEd
 9ojzSybYXjrvGkcdyk6ugAg99dcCwVhRNYCiAelmIeNSbne48beuMjarrrZuX5RteP3678A
 RGfqAkcpyFod0Q5n3rY53emSuKszMbHQjuPuyoBnPwCQ6zd6bIyGqp0h4TR2daHjgk+EVIv
 mHHE8eLs8QwpSEaxYioeQIhzJJsS7Zp9iWHjd33xbTLKN7dkmhTzmxh1amPmnndZ23O9cR2
 lbV/q+1uE8jEmrWPu1OuJLgp0mA1EvtU0bMDvbwiVZPjkZbI/Yf9+vhIrAXg==
MIME-Version: 1.0
To: ffmpeg-devel@ffmpeg.org
Date: Sun, 22 Feb 2026 16:05:01 -0000
Message-ID: <177177630215.25.11479968425021468158@29965ddac10e>
Message-ID-Hash: XOWNRPACDL4FFU3OLJV2MCARCJT24BJI
X-Message-ID-Hash: XOWNRPACDL4FFU3OLJV2MCARCJT24BJI
X-MailFrom: code@ffmpeg.org
X-Mailman-Rule-Hits: nonmember-moderation
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; header-match-ffmpeg-devel.ffmpeg.org-0;
 header-match-ffmpeg-devel.ffmpeg.org-1;
 header-match-ffmpeg-devel.ffmpeg.org-2;
 header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation
X-Mailman-Version: 3.3.10
Precedence: list
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: [FFmpeg-devel] [PR] avcodec/vp3: Sanity check cropping (PR #22253)
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
Archived-At: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/message/XOWNRPACDL4FFU3OLJV2MCARCJT24BJI/>
Archived-At: 
 <https://lists.ffmpeg.org/lore/ffmpeg-devel/177177630215.25.11479968425021468158@29965ddac10e/>
List-Archive: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/>
List-Archive: <https://lists.ffmpeg.org/lore/ffmpeg-devel/>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Owner: <mailto:ffmpeg-devel-owner@ffmpeg.org>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Subscribe: <mailto:ffmpeg-devel-join@ffmpeg.org>
List-Unsubscribe: <mailto:ffmpeg-devel-leave@ffmpeg.org>
From: michaelni via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
Cc: michaelni <code@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <https://master.gitmailbox.com/ffmpegdev/177177630215.25.11479968425021468158@29965ddac10e/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

PR #22253 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22253
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22253.patch

Fixes: Timeout
Fixes: 476179563/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-5231013478596608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>


>>From 763ad93a06776631fbb503bf63c7c72f82f3eef3 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sun, 22 Feb 2026 01:20:29 +0100
Subject: [PATCH] avcodec/vp3: Sanity check cropping

Fixes: Timeout
Fixes: 476179563/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-5231013478596608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/vp3.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
index 7ce54967e1..edb5594bde 100644
--- a/libavcodec/vp3.c
+++ b/libavcodec/vp3.c
@@ -2874,6 +2874,8 @@ static int theora_decode_header(AVCodecContext *avctx, GetBitContext *gb)
     if (av_image_check_size(visible_width, visible_height, 0, avctx) < 0 ||
         visible_width  + offset_x > s->width ||
         visible_height + offset_y > s->height ||
+        visible_width  + 512 < s->width  ||
+        visible_height + 512 < s->height ||
         visible_width < 18
     ) {
         av_log(avctx, AV_LOG_ERROR,
-- 
2.52.0

_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org