* [FFmpeg-devel] [PATCH 1/6] avcodec/huffyuvdec: Fix undefined behavior with shift
From: Michael Niedermayer @ 2023-04-09 14:26 UTC
To: FFmpeg development discussions and patches
Fixes: left shift of negative value -1
Fixes: 57554/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFVHUFF_fuzzer-4853603839115264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/huffyuvdec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/huffyuvdec.c b/libavcodec/huffyuvdec.c
index 7d3515cc889..8ba67bbdeb5 100644
--- a/libavcodec/huffyuvdec.c
+++ b/libavcodec/huffyuvdec.c
@@ -695,9 +695,9 @@ static void decode_422_bitstream(HYuvDecContext *s, int count)
/* TODO instead of restarting the read when the code isn't in the first level
* of the joint table, jump into the 2nd level of the individual table. */
#define READ_2PIX_PLANE16(dst0, dst1, plane){\
- dst0 = get_vlc2(&s->gb, s->vlc[plane].table, VLC_BITS, 3)<<2;\
+ dst0 = get_vlc2(&s->gb, s->vlc[plane].table, VLC_BITS, 3)*4;\
dst0 += get_bits(&s->gb, 2);\
- dst1 = get_vlc2(&s->gb, s->vlc[plane].table, VLC_BITS, 3)<<2;\
+ dst1 = get_vlc2(&s->gb, s->vlc[plane].table, VLC_BITS, 3)*4;\
dst1 += get_bits(&s->gb, 2);\
}
static void decode_plane_bitstream(HYuvDecContext *s, int width, int plane)
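Review bot: the multiply makes the arithmetic defined for a negative return value, but the error value itself still flows into the output. `get_vlc2()` returns -1 for a code that is not in the table (the fuzzer report is "left shift of negative value -1"), so with `*4` dst0 becomes -4 plus the two raw bits and is stored as a sample. If the callers of `READ_2PIX_PLANE16` do not test for negative values, add a comment in the macro stating that the negative result is tolerated deliberately, or a `if (dst0 < 0)` bail-out at the call site, so this UB fix is not mistaken for input validation.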
--
2.17.1
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
* [FFmpeg-devel] [PATCH 2/6] avcodec/hevc_ps: Check num_ref_loc_offsets
From: Michael Niedermayer @ 2023-04-09 14:26 UTC
To: FFmpeg development discussions and patches
Fixes: Writing arbitrarily over the array end
Fixes: 57812/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4536557859373056
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/hevc_ps.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
index 348e4d8de2d..be1d668c263 100644
--- a/libavcodec/hevc_ps.c
+++ b/libavcodec/hevc_ps.c
@@ -1392,6 +1392,10 @@ static int pps_multilayer_extension(GetBitContext *gb, AVCodecContext *avctx,
pps->pps_scaling_list_ref_layer_id = get_bits(gb, 6);
pps->num_ref_loc_offsets = get_ue_golomb_long(gb);
+ if (pps->num_ref_loc_offsets > FF_ARRAY_ELEMS(pps->ref_loc_offset_layer_id)) {
+ pps->num_ref_loc_offsets = 0;
+ return AVERROR_INVALIDDATA;
+ }
for (int i = 0; i < pps->num_ref_loc_offsets; i++) {
pps->ref_loc_offset_layer_id[i] = get_bits(gb, 6);
pps->scaled_ref_layer_offset_present_flag[i] = get_bits1(gb);
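Review bot: the bound is taken from `pps->ref_loc_offset_layer_id` only, while the loop that follows also writes `pps->scaled_ref_layer_offset_present_flag[i]` with the same index; the check is sufficient only if that second array has at least as many elements, which the hunk does not show. Consider bounding against the smaller of the two sizes, or adding a static assert that both arrays have the same element count, so the invariant cannot drift. Resetting `num_ref_loc_offsets` to 0 before returning `AVERROR_INVALIDDATA` is the right call, since it stops any later loop over the partially parsed PPS.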
--
2.17.1
* [FFmpeg-devel] [PATCH 3/6] avcodec/rka: Fix signed integer overflow in decode_filter()
From: Michael Niedermayer @ 2023-04-09 14:26 UTC
To: FFmpeg development discussions and patches
Fixes: signed integer overflow: -631553 * 32768 cannot be represented in type 'int'
Fixes: 57814/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RKA_fuzzer-4614661233573888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/rka.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/rka.c b/libavcodec/rka.c
index 2212e3f9306..3e86d83819c 100644
--- a/libavcodec/rka.c
+++ b/libavcodec/rka.c
@@ -737,7 +737,7 @@ static int decode_filter(RKAContext *s, ChContext *ctx, ACoder *ac, int off, uns
}
ctx->buf0[off] = ctx->buf1[off] + ctx->buf0[off + -1];
} else {
- val *= 1 << ctx->cmode;
+ val *= 1U << ctx->cmode;
sum += ctx->buf0[off + -1] + val;
switch (s->bps) {
case 16: sum = av_clip_int16(sum); break;
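Review bot: `1U << ctx->cmode` turns the signed overflow into defined unsigned wraparound rather than preventing it. `val` is promoted to unsigned for the multiplication, the product wraps, and the conversion back to `int` is implementation-defined before the value feeds `sum` and is clipped by `av_clip_int16()`. That is acceptable for a malformed-input path, but the line now also relies on `ctx->cmode` being below 32, since shifting `1U` by 32 or more is itself undefined; confirm there is a range check where `cmode` is parsed and reference it in a comment next to this line.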
--
2.17.1
* [FFmpeg-devel] [PATCH 4/6] avcodec/escape124: Check that blocks are allocated before use
From: Michael Niedermayer @ 2023-04-09 14:26 UTC
To: FFmpeg development discussions and patches
Fixes: NULL pointer dereference
Fixes: 57819/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-5077280228769792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/escape124.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/escape124.c b/libavcodec/escape124.c
index e8a8395f4b1..592de09a9fd 100644
--- a/libavcodec/escape124.c
+++ b/libavcodec/escape124.c
@@ -155,7 +155,7 @@ static MacroBlock decode_macroblock(Escape124Context* s, GetBitContext* gb,
// This condition can occur with invalid bitstreams and
// *codebook_index == 2
- if (block_index >= s->codebooks[*codebook_index].size)
+ if (block_index >= s->codebooks[*codebook_index].size || !s->codebooks[*codebook_index].blocks)
return (MacroBlock) { { 0 } };
return s->codebooks[*codebook_index].blocks[block_index];
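Review bot: the comment two lines above the changed condition still describes only the `size` case ("*codebook_index == 2"); update it to mention the NULL `blocks` case this hunk handles, otherwise the second operand reads as dead code to the next reader. An alternative that needs no second test at this call site is to enforce `size == 0` whenever `blocks == NULL` where the codebooks are allocated, so the existing size check covers both conditions.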
--
2.17.1
* [FFmpeg-devel] [PATCH 5/6] Revert "avcodec/er: remove check for fields"
From: Michael Niedermayer @ 2023-04-09 14:26 UTC
To: FFmpeg development discussions and patches
Fixes: out of array write on x86-32
Fixes: 57825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG2VIDEO_fuzzer-6094366187061248
Fixes: 57829/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG2VIDEO_fuzzer-4526419991724032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
This reverts commit f7abe92bd7939b6aeeb2393fe141033e733305d4.
---
libavcodec/error_resilience.c | 9 ++-------
libavcodec/error_resilience.h | 1 -
2 files changed, 2 insertions(+), 8 deletions(-)
diff --git a/libavcodec/error_resilience.c b/libavcodec/error_resilience.c
index bd7050062ce..2aa6f1d8640 100644
--- a/libavcodec/error_resilience.c
+++ b/libavcodec/error_resilience.c
@@ -805,7 +805,8 @@ void ff_er_frame_start(ERContext *s)
static int er_supported(ERContext *s)
{
if(s->avctx->hwaccel && s->avctx->hwaccel->decode_slice ||
- !s->cur_pic.f
+ !s->cur_pic.f ||
+ s->cur_pic.field_picture
)
return 0;
return 1;
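Review bot: the condition now mixes `&&` and `||` across three lines without parentheses (the hwaccel test on the first line, then `!s->cur_pic.f ||`, then `s->cur_pic.field_picture`); since the hunk already rewrites these lines, wrapping the `&&` term in parentheses would make the precedence explicit. The revert is the right short-term fix for an out-of-array write, but the commit message lists only fuzzer IDs; a sentence saying that the concealment path reaches `put_pixels8_8_c()` past the end of the frame buffer for field pictures (the backtrace posted later in this thread) would tell future readers what has to change before this check can be removed again.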
@@ -907,12 +908,6 @@ void ff_er_frame_end(ERContext *s)
(s->avctx->skip_top + s->avctx->skip_bottom)) {
return;
}
-
- if (!s->warned_fields && (s->cur_pic.field_picture || s->cur_pic.f->interlaced_frame)) {
- av_log(s->avctx, AV_LOG_WARNING, "Error concealment is not fully implemented for field pictures.\n");
- s->warned_fields = 1;
- }
-
linesize = s->cur_pic.f->linesize;
if ( s->avctx->codec_id == AV_CODEC_ID_MPEG2VIDEO
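Review bot: the removed warning covered two cases, `field_picture` and `f->interlaced_frame`, while the check restored in `er_supported()` disables concealment only for the first, so interlaced frame pictures still run through error resilience without any message. If that is intended it is fine, but it is a difference from the state being reverted that the commit message does not mention. Consider a one-line `av_log()` at debug level in `er_supported()` when it returns 0 for a field picture, so users can tell why concealment did not happen.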
diff --git a/libavcodec/error_resilience.h b/libavcodec/error_resilience.h
index 55efacaccc5..47cc8a4fc67 100644
--- a/libavcodec/error_resilience.h
+++ b/libavcodec/error_resilience.h
@@ -87,7 +87,6 @@ typedef struct ERContext {
int (*mv)[2][4][2],
int mb_x, int mb_y, int mb_intra, int mb_skipped);
void *opaque;
- int warned_fields;
} ERContext;
void ff_er_frame_start(ERContext *s);
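Review bot: dropping `warned_fields` is consistent with the error_resilience.c hunk removing its only visible user, but `ERContext` is embedded by several decoders, so confirm with a grep that no other file references the field before applying; a stale reference or designated initializer would fail at build time rather than silently.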
--
2.17.1
* [FFmpeg-devel] [PATCH 6/6] avformat/rka: Fix division by 0 for bps < 8
From: Michael Niedermayer @ 2023-04-09 14:26 UTC
To: FFmpeg development discussions and patches
Fixes: division by zero
Fixes: 57828/clusterfuzz-testcase-minimized-ffmpeg_dem_RKA_fuzzer-6571818338353152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavformat/rka.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/rka.c b/libavformat/rka.c
index 39e5b3bce12..c83a17c92cc 100644
--- a/libavformat/rka.c
+++ b/libavformat/rka.c
@@ -100,7 +100,7 @@ static int rka_read_header(AVFormatContext *s)
break;
}
- if ((r = av_add_index_entry(st, framepos, (i * 131072LL) / (channels * (bps >> 3)),
+ if ((r = av_add_index_entry(st, framepos, (i * 131072LL*8) / (channels * bps),
size, 0, AVINDEX_KEYFRAME)) < 0)
return r;
framepos += size;
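Review bot: the rewritten divisor `channels * bps` still reaches zero when `bps == 0` or `channels == 0`, so the division by zero is only removed for `1 <= bps < 8`; unless both values are validated before this loop (not visible in the hunk), the same fuzzer class can reappear with bps set to 0. Suggest an explicit `if (bps <= 0 || channels <= 0) return AVERROR_INVALIDDATA;` where the header fields are read, which also makes this arithmetic change unnecessary if the format does not permit sub-byte sample sizes.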
--
2.17.1
* Re: [FFmpeg-devel] [PATCH 6/6] avformat/rka: Fix division by 0 for bps < 8
From: Paul B Mahol @ 2023-04-09 19:02 UTC
To: FFmpeg development discussions and patches
NAK, bps < 8 is invalid
On Sun, Apr 9, 2023 at 4:27 PM Michael Niedermayer <michael@niedermayer.cc>
wrote:
> Fixes: division by zero
> Fixes:
> 57828/clusterfuzz-testcase-minimized-ffmpeg_dem_RKA_fuzzer-6571818338353152
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavformat/rka.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/rka.c b/libavformat/rka.c
> index 39e5b3bce12..c83a17c92cc 100644
> --- a/libavformat/rka.c
> +++ b/libavformat/rka.c
> @@ -100,7 +100,7 @@ static int rka_read_header(AVFormatContext *s)
> break;
> }
>
> - if ((r = av_add_index_entry(st, framepos, (i * 131072LL) /
> (channels * (bps >> 3)),
> + if ((r = av_add_index_entry(st, framepos, (i * 131072LL*8) /
> (channels * bps),
> size, 0, AVINDEX_KEYFRAME)) < 0)
> return r;
> framepos += size;
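Review bot: given the reply above that bps < 8 is not a valid value for this format, the fix belongs where `bps` is parsed, rejecting the stream with `AVERROR_INVALIDDATA`, rather than in the index arithmetic: that removes the zero divisor for every invalid value (including bps == 0, which `channels * bps` still does not handle) and avoids building index entries for a file the decoder would not accept anyway.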
> --
> 2.17.1
* Re: [FFmpeg-devel] [PATCH 5/6] Revert "avcodec/er: remove check for fields"
From: Michael Niedermayer @ 2023-04-09 21:15 UTC
To: FFmpeg development discussions and patches
On Sun, Apr 09, 2023 at 04:26:26PM +0200, Michael Niedermayer wrote:
> Fixes: out of array write on x86-32
> Fixes: 57825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG2VIDEO_fuzzer-6094366187061248
> Fixes: 57829/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG2VIDEO_fuzzer-4526419991724032
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> This reverts commit f7abe92bd7939b6aeeb2393fe141033e733305d4.
> ---
> libavcodec/error_resilience.c | 9 ++-------
> libavcodec/error_resilience.h | 1 -
> 2 files changed, 2 insertions(+), 8 deletions(-)
Here's a backtrace for this btw
==7150==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf62fe800 at pc 0x0899a5e5 bp 0xffc46c68 sp 0xffc46c60
WRITE of size 4 at 0xf62fe800 thread T0
#0 0x899a5e4 in put_pixels8_8_c libavcodec/pel_template.c:78:1
#1 0x8999ce3 in put_pixels16_8_c libavcodec/pel_template.c:78:1
#2 0x82fafc4 in mpv_reconstruct_mb_internal libavcodec/mpv_reconstruct_mb_template.c:294:13
#3 0x82fafc4 in ff_mpv_reconstruct_mb libavcodec/mpegvideo_dec.c:1023
#4 0x82ae910 in mpeg_er_decode_mb libavcodec/mpeg_er.c:99:5
#5 0x8752695 in guess_mv libavcodec/error_resilience.c:452:17
#6 0x873cd02 in ff_er_frame_end libavcodec/error_resilience.c:1231:9
#7 0x8273b04 in slice_end libavcodec/mpeg12dec.c:2027:9
#8 0x8273b04 in decode_chunks libavcodec/mpeg12dec.c:2464
#9 0x824455e in mpeg_decode_frame libavcodec/mpeg12dec.c:2813:11
#10 0x818e36b in decode_simple_internal libavcodec/decode.c:287:15
#11 0x816e31b in decode_simple_receive_frame libavcodec/decode.c:540:15
#12 0x816e31b in decode_receive_frame_internal libavcodec/decode.c:560
#13 0x816d7d6 in avcodec_send_packet libavcodec/decode.c:635:15
#14 0x8129196 in LLVMFuzzerTestOneInput tools/target_dec_fuzzer.c:513:25
#15 0x9060434 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned int) Fuzzer/./FuzzerLoop.cpp:495:13
#16 0x9056298 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned int) Fuzzer/./FuzzerDriver.cpp:273:6
#17 0x905a607 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned int)) Fuzzer/./FuzzerDriver.cpp:690:9
#18 0x9056026 in main Fuzzer/./FuzzerMain.cpp:20:10
#19 0xf7aaffa0 in __libc_start_main /build/glibc-IskIyT/glibc-2.27/csu/../csu/libc-start.c:310
#20 0x8079541 in _start (tools/target_dec_mpeg2video_fuzzer+0x8079541)
0xf62fe800 is located 0 bytes to the right of 532480-byte region [0xf627c800,0xf62fe800)
allocated by thread T0 here:
#0 0x80f0c5c in posix_memalign /b/swarming/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_malloc_linux.cc:226:3
#1 0x8fcda9b in av_malloc libavutil/mem.c:105:9
#2 0x8f290a9 in av_buffer_alloc libavutil/buffer.c:82:12
#3 0x81319aa in fuzz_video_get_buffer tools/target_dec_fuzzer.c:131:25
#4 0x81319aa in fuzz_get_buffer2 tools/target_dec_fuzzer.c:152
#5 0x8186c1c in ff_get_buffer libavcodec/decode.c:1545:11
#6 0x839c0d1 in ff_thread_get_ext_buffer libavcodec/pthread_frame.c:947:16
#7 0x8b65f9f in alloc_frame_buffer libavcodec/mpegpicture.c:145:13
#8 0x8b65f9f in ff_alloc_picture libavcodec/mpegpicture.c:272
#9 0x82eab7d in alloc_picture libavcodec/mpegvideo_dec.c:245:12
#10 0x82dd1c7 in ff_mpv_frame_start libavcodec/mpegvideo_dec.c:329:9
#11 0x825eee7 in mpeg_field_start libavcodec/mpeg12dec.c:1580:20
#12 0x825eee7 in decode_chunks libavcodec/mpeg12dec.c:2712
#13 0x824455e in mpeg_decode_frame libavcodec/mpeg12dec.c:2813:11
#14 0x818e36b in decode_simple_internal libavcodec/decode.c:287:15
#15 0x816e31b in decode_simple_receive_frame libavcodec/decode.c:540:15
#16 0x816e31b in decode_receive_frame_internal libavcodec/decode.c:560
#17 0x816d7d6 in avcodec_send_packet libavcodec/decode.c:635:15
#18 0x8129196 in LLVMFuzzerTestOneInput tools/target_dec_fuzzer.c:513:25
#19 0x9060434 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned int) Fuzzer/./FuzzerLoop.cpp:495:13
#20 0x9056298 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned int) Fuzzer/./FuzzerDriver.cpp:273:6
#21 0x905a607 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned int)) Fuzzer/./FuzzerDriver.cpp:690:9
#22 0x9056026 in main Fuzzer/./FuzzerMain.cpp:20:10
#23 0xf7aaffa0 in __libc_start_main /build/glibc-IskIyT/glibc-2.27/csu/../csu/libc-start.c:310
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
It's not that you shouldn't use gotos but rather that you should write
readable code and code with gotos often but not always is less readable
* Re: [FFmpeg-devel] [PATCH 5/6] Revert "avcodec/er: remove check for fields"
From: Michael Niedermayer @ 2023-04-14 0:37 UTC
To: FFmpeg development discussions and patches
On Sun, Apr 09, 2023 at 04:26:26PM +0200, Michael Niedermayer wrote:
> Fixes: out of array write on x86-32
> Fixes: 57825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG2VIDEO_fuzzer-6094366187061248
> Fixes: 57829/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG2VIDEO_fuzzer-4526419991724032
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> This reverts commit f7abe92bd7939b6aeeb2393fe141033e733305d4.
> ---
> libavcodec/error_resilience.c | 9 ++-------
> libavcodec/error_resilience.h | 1 -
> 2 files changed, 2 insertions(+), 8 deletions(-)
will apply this tomorrow (and also other parts of the patchset which have not
received any comments)
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
The real ebay dictionary, page 1
"Used only once" - "Some unspecified defect prevented a second use"
"In good condition" - "Can be repaired by experienced expert"
"As is" - "You wouldn't want it even if you were paid for it, if you knew ..."