On Mon, Mar 27, 2023 at 01:45:01AM +0100, Kieran Kunhya wrote: > On Sun, 26 Mar 2023, 23:27 Michael Niedermayer, > wrote: > > > Fixes: Assertion failure on x86-32 > > Fixes: > > 39641/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-5925660741206016 > > > > Found-by: continuous fuzzing process > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by > > : > > Michael Niedermayer > > --- > > libavcodec/vp3.c | 8 +++++++- > > 1 file changed, 7 insertions(+), 1 deletion(-) > > > > diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c > > index 9660def675f..22348559461 100644 > > --- a/libavcodec/vp3.c > > +++ b/libavcodec/vp3.c > > @@ -2353,6 +2353,8 @@ static av_cold int vp3_decode_init(AVCodecContext > > *avctx) > > s->avctx = avctx; > > s->width = FFALIGN(avctx->coded_width, 16); > > s->height = FFALIGN(avctx->coded_height, 16); > > + if (s->width < 18) > > + return AVERROR_PATCHWELCOME; > > if (avctx->codec_id != AV_CODEC_ID_THEORA) > > avctx->pix_fmt = AV_PIX_FMT_YUV420P; > > avctx->chroma_sample_location = AVCHROMA_LOC_CENTER; > > @@ -2919,7 +2921,9 @@ static int theora_decode_header(AVCodecContext > > *avctx, GetBitContext *gb) > > /* sanity check */ > > if (av_image_check_size(visible_width, visible_height, 0, avctx) < 0 > > || > > visible_width + offset_x > s->width || > > - visible_height + offset_y > s->height) { > > + visible_height + offset_y > s->height || > > + visible_width < 18 > > + ) { > > av_log(avctx, AV_LOG_ERROR, > > "Invalid frame dimensions - w:%d h:%d x:%d y:%d > > (%dx%d).\n", > > visible_width, visible_height, offset_x, offset_y, > > @@ -2965,6 +2969,8 @@ static int theora_decode_header(AVCodecContext > > *avctx, GetBitContext *gb) > > } else > > avctx->pix_fmt = AV_PIX_FMT_YUV420P; > > > > + if (s->width < 18) > > + return AVERROR_PATCHWELCOME; > > ret = ff_set_dimensions(avctx, s->width, s->height); > > if (ret < 0) > > return ret; > > -- > > 2.17.1 > > > > Please provide some explanation around the number "18" Its because the source needed for MC of a block is 9x9 and chroma is 1/2 so a width of 18 is ok but 16 could result in a 8 linesize into which a 9x9 block would not fit. This is x86-32 specific probably as the linesize is rouded up more on 64bit If theres some value in such small sizes i could look into adjusting the linesize up in these cases? ill add this to the commit message: Fixes: Assertion failure on x86-32 av_assert2(block_w * sizeof(pixel) <= FFABS(buf_linesize)); in ff_emulated_edge_mc() [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Complexity theory is the science of finding the exact solution to an approximation. Benchmarking OTOH is finding an approximation of the exact