* [FFmpeg-devel] [PATCH 1/3] tools/target_dec_fuzzer: Adjust threshold for BONK
@ 2023-01-30 23:45 Michael Niedermayer
2023-01-30 23:45 ` [FFmpeg-devel] [PATCH 2/3] avformat/lafdec: Check if all data was read Michael Niedermayer
` (2 more replies)
0 siblings, 3 replies; 9+ messages in thread
From: Michael Niedermayer @ 2023-01-30 23:45 UTC (permalink / raw)
To: FFmpeg development discussions and patches
The decoder is quite slow with max n taps
Fixes: Timeout
Fixes: 54063/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5087362407596032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
tools/target_dec_fuzzer.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index a20345db5c..127d534c9d 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -215,6 +215,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
case AV_CODEC_ID_ARGO: maxpixels /= 1024; break;
case AV_CODEC_ID_BETHSOFTVID: maxpixels /= 8192; break;
case AV_CODEC_ID_BINKVIDEO: maxpixels /= 32; break;
+ case AV_CODEC_ID_BONK: maxsamples /= 1<<20; break;
case AV_CODEC_ID_CDTOONS: maxpixels /= 1024; break;
case AV_CODEC_ID_CFHD: maxpixels /= 16384; break;
case AV_CODEC_ID_CINEPAK: maxpixels /= 128; break;
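Review bot: The new AV_CODEC_ID_BONK case divides maxsamples by 1<<20, a much larger divisor than the neighbouring cases use (32 to 16384), and it is the only case in this context that adjusts maxsamples rather than maxpixels. A one-line comment that the limit exists because the decoder is slow at the maximum tap count would keep the reason next to the code, and it is worth confirming that the resulting maxsamples still lets the fuzzer decode enough samples to exercise the decoder.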
--
2.17.1
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
* [FFmpeg-devel] [PATCH 2/3] avformat/lafdec: Check if all data was read
2023-01-30 23:45 [FFmpeg-devel] [PATCH 1/3] tools/target_dec_fuzzer: Adjust threshold for BONK Michael Niedermayer
@ 2023-01-30 23:45 ` Michael Niedermayer
2023-01-31 11:21 ` Andreas Rheinhardt
2023-01-30 23:45 ` [FFmpeg-devel] [PATCH 3/3] libavformat/lafdec: free data Michael Niedermayer
2023-02-01 19:15 ` [FFmpeg-devel] [PATCH 1/3] tools/target_dec_fuzzer: Adjust threshold for BONK Michael Niedermayer
2 siblings, 1 reply; 9+ messages in thread
From: Michael Niedermayer @ 2023-01-30 23:45 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Fixes: OOM
Fixes: 54572/clusterfuzz-testcase-minimized-ffmpeg_dem_LAF_fuzzer-4974038870523904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavformat/lafdec.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c
index d02b479c4d..b78ec3649c 100644
--- a/libavformat/lafdec.c
+++ b/libavformat/lafdec.c
@@ -208,6 +208,8 @@ again:
ret = avio_read(pb, s->data, st_count * st->codecpar->sample_rate * bpp);
if (ret < 0)
return ret;
+ if (ret != st_count * st->codecpar->sample_rate * bpp)
+ return AVERROR_INVALIDDATA;
}
st = ctx->streams[s->index];
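Review bot: The added comparison on the "ret !=" line repeats the size expression st_count * st->codecpar->sample_rate * bpp that is already passed to avio_read(), so the two copies can drift apart when one is edited. Compute the size once into a local and use it for both the read and the check. A truncated input is also reported as AVERROR_INVALIDDATA by a hand-written test here; a helper that reads an exact size and fails on a short read (ffio_read_size() is the one named later in this thread) would replace both the ret < 0 check and this one.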
--
2.17.1
* [FFmpeg-devel] [PATCH 3/3] libavformat/lafdec: free data
2023-01-30 23:45 [FFmpeg-devel] [PATCH 1/3] tools/target_dec_fuzzer: Adjust threshold for BONK Michael Niedermayer
2023-01-30 23:45 ` [FFmpeg-devel] [PATCH 2/3] avformat/lafdec: Check if all data was read Michael Niedermayer
@ 2023-01-30 23:45 ` Michael Niedermayer
2023-01-31 11:25 ` Andreas Rheinhardt
2023-02-01 19:15 ` [FFmpeg-devel] [PATCH 1/3] tools/target_dec_fuzzer: Adjust threshold for BONK Michael Niedermayer
2 siblings, 1 reply; 9+ messages in thread
From: Michael Niedermayer @ 2023-01-30 23:45 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Fixes: memleak
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavformat/lafdec.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c
index b78ec3649c..f6d2d5f235 100644
--- a/libavformat/lafdec.c
+++ b/libavformat/lafdec.c
@@ -253,6 +253,15 @@ again:
return 0;
}
+static int laf_read_close(AVFormatContext *ctx)
+{
+ LAFContext *s = ctx->priv_data;
+
+ av_freep(&s->data);
+
+ return 0;
+}
+
static int laf_read_seek(AVFormatContext *ctx, int stream_index,
int64_t timestamp, int flags)
{
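Review bot: laf_read_close() releases only s->data, so if LAFContext owns any other heap allocation it should be freed here as well, since this function becomes the demuxer's teardown path. Using av_freep() rather than av_free() is the right choice because it also resets s->data, which keeps a second call harmless.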
@@ -270,6 +279,7 @@ const AVInputFormat ff_laf_demuxer = {
.read_probe = laf_probe,
.read_header = laf_read_header,
.read_packet = laf_read_packet,
+ .read_close = laf_read_close,
.read_seek = laf_read_seek,
.extensions = "laf",
.flags = AVFMT_GENERIC_INDEX,
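Review bot: Registering .read_close in ff_laf_demuxer covers teardown after a successful open, but the initializer lines shown set only .flags = AVFMT_GENERIC_INDEX and nothing that requests cleanup when laf_read_header fails part-way, so anything the header reader allocated before the failure could still leak. Check whether the demuxer also needs the init-cleanup flag (FF_FMT_INIT_CLEANUP is the one named in the review reply) alongside this callback.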
--
2.17.1
* Re: [FFmpeg-devel] [PATCH 2/3] avformat/lafdec: Check if all data was read
2023-01-30 23:45 ` [FFmpeg-devel] [PATCH 2/3] avformat/lafdec: Check if all data was read Michael Niedermayer
@ 2023-01-31 11:21 ` Andreas Rheinhardt
2023-01-31 20:27 ` Michael Niedermayer
0 siblings, 1 reply; 9+ messages in thread
From: Andreas Rheinhardt @ 2023-01-31 11:21 UTC (permalink / raw)
To: ffmpeg-devel
Michael Niedermayer:
> Fixes: OOM
> Fixes: 54572/clusterfuzz-testcase-minimized-ffmpeg_dem_LAF_fuzzer-4974038870523904
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavformat/lafdec.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c
> index d02b479c4d..b78ec3649c 100644
> --- a/libavformat/lafdec.c
> +++ b/libavformat/lafdec.c
> @@ -208,6 +208,8 @@ again:
> ret = avio_read(pb, s->data, st_count * st->codecpar->sample_rate * bpp);
> if (ret < 0)
> return ret;
> + if (ret != st_count * st->codecpar->sample_rate * bpp)
> + return AVERROR_INVALIDDATA;
> }
>
> st = ctx->streams[s->index];
ffio_read()
- Andreas
* Re: [FFmpeg-devel] [PATCH 3/3] libavformat/lafdec: free data
2023-01-30 23:45 ` [FFmpeg-devel] [PATCH 3/3] libavformat/lafdec: free data Michael Niedermayer
@ 2023-01-31 11:25 ` Andreas Rheinhardt
2023-01-31 20:43 ` Michael Niedermayer
0 siblings, 1 reply; 9+ messages in thread
From: Andreas Rheinhardt @ 2023-01-31 11:25 UTC (permalink / raw)
To: ffmpeg-devel
Michael Niedermayer:
> Fixes: memleak
>
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavformat/lafdec.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c
> index b78ec3649c..f6d2d5f235 100644
> --- a/libavformat/lafdec.c
> +++ b/libavformat/lafdec.c
> @@ -253,6 +253,15 @@ again:
> return 0;
> }
>
> +static int laf_read_close(AVFormatContext *ctx)
> +{
> + LAFContext *s = ctx->priv_data;
> +
> + av_freep(&s->data);
> +
> + return 0;
> +}
> +
> static int laf_read_seek(AVFormatContext *ctx, int stream_index,
> int64_t timestamp, int flags)
> {
> @@ -270,6 +279,7 @@ const AVInputFormat ff_laf_demuxer = {
> .read_probe = laf_probe,
> .read_header = laf_read_header,
> .read_packet = laf_read_packet,
> + .read_close = laf_read_close,
> .read_seek = laf_read_seek,
> .extensions = "laf",
> .flags = AVFMT_GENERIC_INDEX,
Needs the FF_FMT_INIT_CLEANUP flag, too (otherwise it will leak in case
of avformat_new_stream() failure).
- Andreas
* Re: [FFmpeg-devel] [PATCH 2/3] avformat/lafdec: Check if all data was read
2023-01-31 11:21 ` Andreas Rheinhardt
@ 2023-01-31 20:27 ` Michael Niedermayer
2023-01-31 20:40 ` Andreas Rheinhardt
0 siblings, 1 reply; 9+ messages in thread
From: Michael Niedermayer @ 2023-01-31 20:27 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On Tue, Jan 31, 2023 at 12:21:24PM +0100, Andreas Rheinhardt wrote:
> Michael Niedermayer:
> > Fixes: OOM
> > Fixes: 54572/clusterfuzz-testcase-minimized-ffmpeg_dem_LAF_fuzzer-4974038870523904
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> > libavformat/lafdec.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c
> > index d02b479c4d..b78ec3649c 100644
> > --- a/libavformat/lafdec.c
> > +++ b/libavformat/lafdec.c
> > @@ -208,6 +208,8 @@ again:
> > ret = avio_read(pb, s->data, st_count * st->codecpar->sample_rate * bpp);
> > if (ret < 0)
> > return ret;
> > + if (ret != st_count * st->codecpar->sample_rate * bpp)
> > + return AVERROR_INVALIDDATA;
> > }
> >
> > st = ctx->streams[s->index];
>
> ffio_read()
I assume you mean ffio_read_size(), will use that
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
I have often repented speaking, but never of holding my tongue.
-- Xenocrates
* Re: [FFmpeg-devel] [PATCH 2/3] avformat/lafdec: Check if all data was read
2023-01-31 20:27 ` Michael Niedermayer
@ 2023-01-31 20:40 ` Andreas Rheinhardt
0 siblings, 0 replies; 9+ messages in thread
From: Andreas Rheinhardt @ 2023-01-31 20:40 UTC (permalink / raw)
To: ffmpeg-devel
Michael Niedermayer:
> On Tue, Jan 31, 2023 at 12:21:24PM +0100, Andreas Rheinhardt wrote:
>> Michael Niedermayer:
>>> Fixes: OOM
>>> Fixes: 54572/clusterfuzz-testcase-minimized-ffmpeg_dem_LAF_fuzzer-4974038870523904
>>>
>>> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>>> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
>>> ---
>>> libavformat/lafdec.c | 2 ++
>>> 1 file changed, 2 insertions(+)
>>>
>>> diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c
>>> index d02b479c4d..b78ec3649c 100644
>>> --- a/libavformat/lafdec.c
>>> +++ b/libavformat/lafdec.c
>>> @@ -208,6 +208,8 @@ again:
>>> ret = avio_read(pb, s->data, st_count * st->codecpar->sample_rate * bpp);
>>> if (ret < 0)
>>> return ret;
>>> + if (ret != st_count * st->codecpar->sample_rate * bpp)
>>> + return AVERROR_INVALIDDATA;
>>> }
>>>
>>> st = ctx->streams[s->index];
>>
>> ffio_read()
>
> I assume you mean ffio_read_size(), will use that
>
Yeah, I meant that. Sorry.
- Andreas
* Re: [FFmpeg-devel] [PATCH 3/3] libavformat/lafdec: free data
2023-01-31 11:25 ` Andreas Rheinhardt
@ 2023-01-31 20:43 ` Michael Niedermayer
0 siblings, 0 replies; 9+ messages in thread
From: Michael Niedermayer @ 2023-01-31 20:43 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On Tue, Jan 31, 2023 at 12:25:25PM +0100, Andreas Rheinhardt wrote:
> Michael Niedermayer:
> > Fixes: memleak
> >
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> > libavformat/lafdec.c | 10 ++++++++++
> > 1 file changed, 10 insertions(+)
> >
> > diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c
> > index b78ec3649c..f6d2d5f235 100644
> > --- a/libavformat/lafdec.c
> > +++ b/libavformat/lafdec.c
> > @@ -253,6 +253,15 @@ again:
> > return 0;
> > }
> >
> > +static int laf_read_close(AVFormatContext *ctx)
> > +{
> > + LAFContext *s = ctx->priv_data;
> > +
> > + av_freep(&s->data);
> > +
> > + return 0;
> > +}
> > +
> > static int laf_read_seek(AVFormatContext *ctx, int stream_index,
> > int64_t timestamp, int flags)
> > {
> > @@ -270,6 +279,7 @@ const AVInputFormat ff_laf_demuxer = {
> > .read_probe = laf_probe,
> > .read_header = laf_read_header,
> > .read_packet = laf_read_packet,
> > + .read_close = laf_read_close,
> > .read_seek = laf_read_seek,
> > .extensions = "laf",
> > .flags = AVFMT_GENERIC_INDEX,
>
> Needs the FF_FMT_INIT_CLEANUP flag, too (otherwise it will leak in case
> of avformat_new_stream() failure).
ok, will apply with this
thx
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Breaking DRM is a little like attempting to break through a door even
though the window is wide open and the only thing in the house is a bunch
of things you dont want and which you would get tomorrow for free anyway
* Re: [FFmpeg-devel] [PATCH 1/3] tools/target_dec_fuzzer: Adjust threshold for BONK
2023-01-30 23:45 [FFmpeg-devel] [PATCH 1/3] tools/target_dec_fuzzer: Adjust threshold for BONK Michael Niedermayer
2023-01-30 23:45 ` [FFmpeg-devel] [PATCH 2/3] avformat/lafdec: Check if all data was read Michael Niedermayer
2023-01-30 23:45 ` [FFmpeg-devel] [PATCH 3/3] libavformat/lafdec: free data Michael Niedermayer
@ 2023-02-01 19:15 ` Michael Niedermayer
2 siblings, 0 replies; 9+ messages in thread
From: Michael Niedermayer @ 2023-02-01 19:15 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On Tue, Jan 31, 2023 at 12:45:25AM +0100, Michael Niedermayer wrote:
> The decoder is quite slow with max n taps
> Fixes: Timeout
> Fixes: 54063/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5087362407596032
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> tools/target_dec_fuzzer.c | 1 +
> 1 file changed, 1 insertion(+)
will apply
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
It is a danger to trust the dream we wish for rather than
the science we have, -- Dr. Kenneth Brown
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel