* [FFmpeg-devel] [PATCH 1/3] tools/target_dec_fuzzer: Adjust threshold for BONK From: Michael Niedermayer @ 2023-01-30 23:45 UTC To: FFmpeg development discussions and patches The decoder is quite slow with max n taps Fixes: Timeout Fixes: 54063/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5087362407596032 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- tools/target_dec_fuzzer.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c index a20345db5c..127d534c9d 100644 --- a/tools/target_dec_fuzzer.c +++ b/tools/target_dec_fuzzer.c @@ -215,6 +215,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { case AV_CODEC_ID_ARGO: maxpixels /= 1024; break; case AV_CODEC_ID_BETHSOFTVID: maxpixels /= 8192; break; case AV_CODEC_ID_BINKVIDEO: maxpixels /= 32; break; + case AV_CODEC_ID_BONK: maxsamples /= 1<<20; break; case AV_CODEC_ID_CDTOONS: maxpixels /= 1024; break; case AV_CODEC_ID_CFHD: maxpixels /= 16384; break; case AV_CODEC_ID_CINEPAK: maxpixels /= 128; break; -- 2.17.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
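Review bot: The divisor `1<<20` in the added AV_CODEC_ID_BONK case is far larger than the neighbouring cases shown in the context (32 to 16384), and the commit message gives no basis for it beyond the decoder being slow with max n taps. The starting value of maxsamples is not visible in this hunk, so please state how the value was chosen and confirm that the resulting limit still lets the fuzzer decode more than a trivially short stream; otherwise the timeout is fixed at the cost of coverage of the BONK decoder.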
* [FFmpeg-devel] [PATCH 2/3] avformat/lafdec: Check if all data was read From: Michael Niedermayer @ 2023-01-30 23:45 UTC To: FFmpeg development discussions and patches Fixes: OOM Fixes: 54572/clusterfuzz-testcase-minimized-ffmpeg_dem_LAF_fuzzer-4974038870523904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/lafdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c index d02b479c4d..b78ec3649c 100644 --- a/libavformat/lafdec.c +++ b/libavformat/lafdec.c @@ -208,6 +208,8 @@ again: ret = avio_read(pb, s->data, st_count * st->codecpar->sample_rate * bpp); if (ret < 0) return ret; + if (ret != st_count * st->codecpar->sample_rate * bpp) + return AVERROR_INVALIDDATA; } st = ctx->streams[s->index]; -- 2.17.1
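Review bot: The size expression `st_count * st->codecpar->sample_rate * bpp` now appears twice, once in the avio_read() call and once in the added comparison; compute it once into a local so the two cannot drift apart. The types of the three factors are not visible in this hunk, so also confirm that the product cannot overflow before it is compared against the int `ret`, since the values come from the file. As raised in the replies, ffio_read_size() treats a short read as an error itself and would replace both the `ret < 0` test and the two added lines.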
* Re: [FFmpeg-devel] [PATCH 2/3] avformat/lafdec: Check if all data was read From: Andreas Rheinhardt @ 2023-01-31 11:21 UTC To: ffmpeg-devel Michael Niedermayer: > Fixes: OOM > Fixes: 54572/clusterfuzz-testcase-minimized-ffmpeg_dem_LAF_fuzzer-4974038870523904 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/lafdec.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c > index d02b479c4d..b78ec3649c 100644 > --- a/libavformat/lafdec.c > +++ b/libavformat/lafdec.c > @@ -208,6 +208,8 @@ again: > ret = avio_read(pb, s->data, st_count * st->codecpar->sample_rate * bpp); > if (ret < 0) > return ret; > + if (ret != st_count * st->codecpar->sample_rate * bpp) > + return AVERROR_INVALIDDATA; > } > > st = ctx->streams[s->index]; ffio_read() - Andreas
* Re: [FFmpeg-devel] [PATCH 2/3] avformat/lafdec: Check if all data was read From: Michael Niedermayer @ 2023-01-31 20:27 UTC To: FFmpeg development discussions and patches On Tue, Jan 31, 2023 at 12:21:24PM +0100, Andreas Rheinhardt wrote: > Michael Niedermayer: > > Fixes: OOM > > Fixes: 54572/clusterfuzz-testcase-minimized-ffmpeg_dem_LAF_fuzzer-4974038870523904 > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavformat/lafdec.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c > > index d02b479c4d..b78ec3649c 100644 > > --- a/libavformat/lafdec.c > > +++ b/libavformat/lafdec.c > > @@ -208,6 +208,8 @@ again: > > ret = avio_read(pb, s->data, st_count * st->codecpar->sample_rate * bpp); > > if (ret < 0) > > return ret; > > + if (ret != st_count * st->codecpar->sample_rate * bpp) > > + return AVERROR_INVALIDDATA; > > } > > > > st = ctx->streams[s->index]; > > ffio_read() I assume you mean ffio_read_size(), will use that thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB I have often repented speaking, but never of holding my tongue. -- Xenocrates
* Re: [FFmpeg-devel] [PATCH 2/3] avformat/lafdec: Check if all data was read From: Andreas Rheinhardt @ 2023-01-31 20:40 UTC To: ffmpeg-devel Michael Niedermayer: > On Tue, Jan 31, 2023 at 12:21:24PM +0100, Andreas Rheinhardt wrote: >> Michael Niedermayer: >>> Fixes: OOM >>> Fixes: 54572/clusterfuzz-testcase-minimized-ffmpeg_dem_LAF_fuzzer-4974038870523904 >>> >>> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg >>> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >>> --- >>> libavformat/lafdec.c | 2 ++ >>> 1 file changed, 2 insertions(+) >>> >>> diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c >>> index d02b479c4d..b78ec3649c 100644 >>> --- a/libavformat/lafdec.c >>> +++ b/libavformat/lafdec.c >>> @@ -208,6 +208,8 @@ again: >>> ret = avio_read(pb, s->data, st_count * st->codecpar->sample_rate * bpp); >>> if (ret < 0) >>> return ret; >>> + if (ret != st_count * st->codecpar->sample_rate * bpp) >>> + return AVERROR_INVALIDDATA; >>> } >>> >>> st = ctx->streams[s->index]; >> >> ffio_read() > > I assume you mean ffio_read_size(), will use that > Yeah, I meant that. Sorry. - Andreas
* [FFmpeg-devel] [PATCH 3/3] libavformat/lafdec: free data From: Michael Niedermayer @ 2023-01-30 23:45 UTC To: FFmpeg development discussions and patches Fixes: memleak Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/lafdec.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c index b78ec3649c..f6d2d5f235 100644 --- a/libavformat/lafdec.c +++ b/libavformat/lafdec.c @@ -253,6 +253,15 @@ again: return 0; } +static int laf_read_close(AVFormatContext *ctx) +{ + LAFContext *s = ctx->priv_data; + + av_freep(&s->data); + + return 0; +} + static int laf_read_seek(AVFormatContext *ctx, int stream_index, int64_t timestamp, int flags) { @@ -270,6 +279,7 @@ const AVInputFormat ff_laf_demuxer = { .read_probe = laf_probe, .read_header = laf_read_header, .read_packet = laf_read_packet, + .read_close = laf_read_close, .read_seek = laf_read_seek, .extensions = "laf", .flags = AVFMT_GENERIC_INDEX, -- 2.17.1
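Review bot: The second hunk registers `.read_close = laf_read_close`, but the initializer shown still carries only `.flags = AVFMT_GENERIC_INDEX`, so this patch does not cover the case where laf_read_header() fails part-way. As noted in the reply, FF_FMT_INIT_CLEANUP is needed as well, otherwise s->data still leaks when avformat_new_stream() fails. The commit message would also be easier to verify if it named the path that leaked, since "Fixes: memleak" alone gives no testcase or scenario.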
* Re: [FFmpeg-devel] [PATCH 3/3] libavformat/lafdec: free data From: Andreas Rheinhardt @ 2023-01-31 11:25 UTC To: ffmpeg-devel Michael Niedermayer: > Fixes: memleak > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/lafdec.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c > index b78ec3649c..f6d2d5f235 100644 > --- a/libavformat/lafdec.c > +++ b/libavformat/lafdec.c > @@ -253,6 +253,15 @@ again: > return 0; > } > > +static int laf_read_close(AVFormatContext *ctx) > +{ > + LAFContext *s = ctx->priv_data; > + > + av_freep(&s->data); > + > + return 0; > +} > + > static int laf_read_seek(AVFormatContext *ctx, int stream_index, > int64_t timestamp, int flags) > { > @@ -270,6 +279,7 @@ const AVInputFormat ff_laf_demuxer = { > .read_probe = laf_probe, > .read_header = laf_read_header, > .read_packet = laf_read_packet, > + .read_close = laf_read_close, > .read_seek = laf_read_seek, > .extensions = "laf", > .flags = AVFMT_GENERIC_INDEX, Needs the FF_FMT_INIT_CLEANUP flag, too (otherwise it will leak in case of avformat_new_stream() failure). - Andreas
* Re: [FFmpeg-devel] [PATCH 3/3] libavformat/lafdec: free data From: Michael Niedermayer @ 2023-01-31 20:43 UTC To: FFmpeg development discussions and patches On Tue, Jan 31, 2023 at 12:25:25PM +0100, Andreas Rheinhardt wrote: > Michael Niedermayer: > > Fixes: memleak > > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavformat/lafdec.c | 10 ++++++++++ > > 1 file changed, 10 insertions(+) > > > > diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c > > index b78ec3649c..f6d2d5f235 100644 > > --- a/libavformat/lafdec.c > > +++ b/libavformat/lafdec.c > > @@ -253,6 +253,15 @@ again: > > return 0; > > } > > > > +static int laf_read_close(AVFormatContext *ctx) > > +{ > > + LAFContext *s = ctx->priv_data; > > + > > + av_freep(&s->data); > > + > > + return 0; > > +} > > + > > static int laf_read_seek(AVFormatContext *ctx, int stream_index, > > int64_t timestamp, int flags) > > {
> > @@ -270,6 +279,7 @@ const AVInputFormat ff_laf_demuxer = { > > .read_probe = laf_probe, > > .read_header = laf_read_header, > > .read_packet = laf_read_packet, > > + .read_close = laf_read_close, > > .read_seek = laf_read_seek, > > .extensions = "laf", > > .flags = AVFMT_GENERIC_INDEX, > > Needs the FF_FMT_INIT_CLEANUP flag, too (otherwise it will leak in case > of avformat_new_stream() failure). ok, will apply with this thx -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Breaking DRM is a little like attempting to break through a door even though the window is wide open and the only thing in the house is a bunch of things you dont want and which you would get tomorrow for free anyway
* Re: [FFmpeg-devel] [PATCH 1/3] tools/target_dec_fuzzer: Adjust threshold for BONK From: Michael Niedermayer @ 2023-02-01 19:15 UTC To: FFmpeg development discussions and patches On Tue, Jan 31, 2023 at 12:45:25AM +0100, Michael Niedermayer wrote: > The decoder is quite slow with max n taps > Fixes: Timeout > Fixes: 54063/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5087362407596032 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > tools/target_dec_fuzzer.c | 1 + > 1 file changed, 1 insertion(+) will apply [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB It is a danger to trust the dream we wish for rather than the science we have, -- Dr. Kenneth Brown