* [FFmpeg-devel] [PATCH 1/6] tools/target_dec_fuzzer: Adjust threshold for FMVC
From: Michael Niedermayer @ 2023-04-23 22:32 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Fixes: Timeout
Fixes: 56753/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FMVC_fuzzer-5115163557888000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
tools/target_dec_fuzzer.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 93869db04c..f059ddb4c7 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -233,6 +233,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
case AV_CODEC_ID_FLAC: maxsamples /= 1024; break;
case AV_CODEC_ID_FLIC: maxpixels /= 1024; break;
case AV_CODEC_ID_FLV1: maxpixels /= 1024; break;
+ case AV_CODEC_ID_FMVC: maxpixels /= 1024; break;
case AV_CODEC_ID_G2M: maxpixels /= 1024; break;
case AV_CODEC_ID_GEM: maxpixels /= 512; break;
case AV_CODEC_ID_GDV: maxpixels /= 512; break;
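Review bot: the added `AV_CODEC_ID_FMVC` case lowers the fuzzer's pixel budget rather than addressing why the decoder is slow, and the commit message says only "Fixes: Timeout". Please add a sentence on which FMVC path dominates the runtime for testcase 56753 and why 1024 (the divisor used by the neighbouring FLIC and FLV1 cases) is the right value, so a later reader can tell whether the limit hides a decoder complexity problem that ordinary inputs could also hit.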
--
2.17.1
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
* [FFmpeg-devel] [PATCH 2/6] avcodec/apedec: Move pointer instead of copying each element in delay in long_filter_high_3800()
From: Michael Niedermayer @ 2023-04-23 22:32 UTC (permalink / raw)
To: FFmpeg development discussions and patches
~1000 -> 930 cycles
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/apedec.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index c08d13d6c2..40cd78a991 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -944,7 +944,7 @@ static void long_filter_high_3800(int32_t *buffer, int order, int shift, int len
{
int i, j;
int32_t dotprod, sign;
- int32_t coeffs[256], delay[256];
+ int32_t coeffs[256], delay[256+256], *delayp = delay;
if (order >= length)
return;
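Review bot: with `delay[256+256]` and `delayp` advancing to offset 256 before it is reset, the write `delayp[order - 1]` in the next hunk stays in bounds only if `order <= 256`, and the only check visible here is `order >= length`. Please state where `order` is bounded (a comment or an `av_assert` next to the declaration), and consider a named constant instead of repeating the literal 256 in the array size, the wrap test and the memcpy length.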
@@ -956,13 +956,16 @@ static void long_filter_high_3800(int32_t *buffer, int order, int shift, int len
dotprod = 0;
sign = APESIGN(buffer[i]);
for (j = 0; j < order; j++) {
- dotprod += delay[j] * (unsigned)coeffs[j];
- coeffs[j] += ((delay[j] >> 31) | 1) * sign;
+ dotprod += delayp[j] * (unsigned)coeffs[j];
+ coeffs[j] += ((delayp[j] >> 31) | 1) * sign;
}
buffer[i] -= (unsigned)(dotprod >> shift);
- for (j = 0; j < order - 1; j++)
- delay[j] = delay[j + 1];
- delay[order - 1] = buffer[i];
+ delayp ++;
+ delayp[order - 1] = buffer[i];
+ if (delayp - delay == 256) {
+ memcpy(delay, delayp, sizeof(*delay)*256);
+ delayp = delay;
+ }
}
}
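Review bot: in the wrap branch, `memcpy(delay, delayp, sizeof(*delay)*256)` always copies 256 entries although the inner loop only ever reads the `order` entries starting at `delayp`. When `order` is below 256 the copy reads slots past `delayp[order - 1]` that this loop has not written; copying `order` elements would avoid touching them and shorten the copy. Minor style point: `delayp ++` has a stray space.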
--
2.17.1
* [FFmpeg-devel] [PATCH 3/6] avcodec/apedec: Factor constant sign out of loop in long_filter_high_3800()
From: Michael Niedermayer @ 2023-04-23 22:32 UTC (permalink / raw)
To: FFmpeg development discussions and patches
930 -> 850 cycles
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/apedec.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index 40cd78a991..772636afde 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -955,9 +955,20 @@ static void long_filter_high_3800(int32_t *buffer, int order, int shift, int len
for (i = order; i < length; i++) {
dotprod = 0;
sign = APESIGN(buffer[i]);
- for (j = 0; j < order; j++) {
- dotprod += delayp[j] * (unsigned)coeffs[j];
- coeffs[j] += ((delayp[j] >> 31) | 1) * sign;
+ if (sign == 1) {
+ for (j = 0; j < order; j++) {
+ dotprod += delayp[j] * (unsigned)coeffs[j];
+ coeffs[j] += (delayp[j] >> 31) | 1;
+ }
+ } else if (sign == -1) {
+ for (j = 0; j < order; j++) {
+ dotprod += delayp[j] * (unsigned)coeffs[j];
+ coeffs[j] -= (delayp[j] >> 31) | 1;
+ }
+ } else {
+ for (j = 0; j < order; j++) {
+ dotprod += delayp[j] * (unsigned)coeffs[j];
+ }
}
buffer[i] -= (unsigned)(dotprod >> shift);
delayp ++;
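Review bot: the final `else` branch drops the coefficient update for every value of `sign` other than 1 and -1, whereas the old `* sign` form was correct for any value. The two are equivalent only if `APESIGN()` returns exactly -1, 0 or 1; please say so in a comment on the `else`, or assert it. The dot-product line is now written three times, so any later fix to it has to be applied to all three copies; a short comment that the loops are deliberately split by sign would help the next reader.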
--
2.17.1
* [FFmpeg-devel] [PATCH 4/6] tools/target_dec_fuzzer: Adjust threshold for APE
From: Michael Niedermayer @ 2023-04-23 22:32 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Fixes: Timeout
Fixes: 57889/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5262308950802432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
tools/target_dec_fuzzer.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index f059ddb4c7..87a9f6eb17 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -211,6 +211,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
case AV_CODEC_ID_AASC: maxpixels /= 1024; break;
case AV_CODEC_ID_AGM: maxpixels /= 1024; break;
case AV_CODEC_ID_ANM: maxpixels /= 1024; break;
+ case AV_CODEC_ID_APE: maxsamples /= 16384; break;
case AV_CODEC_ID_ARBC: maxpixels /= 1024; break;
case AV_CODEC_ID_ARGO: maxpixels /= 1024; break;
case AV_CODEC_ID_BETHSOFTVID: maxpixels /= 8192; break;
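Review bot: `maxsamples /= 16384` on the new APE line is a much stronger reduction than the neighbouring entries (1024, and 8192 for BETHSOFTVID), and patches 2/6 and 3/6 of this series already cut the cost of `long_filter_high_3800()`. Was testcase 57889 re-timed after those two patches, and is 16384 still needed? A smaller divisor keeps more of the long-frame paths reachable by the fuzzer; whichever value is chosen, the commit message should say how it was derived.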
--
2.17.1
* [FFmpeg-devel] [PATCH 5/6] avcodec/cavsdec: Check bits left before picture allocation
From: Michael Niedermayer @ 2023-04-23 22:32 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Fixes: Timeout
Fixes: 57893/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CAVS_fuzzer-5091726540013568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/cavsdec.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavcodec/cavsdec.c b/libavcodec/cavsdec.c
index b1fa9a981d..37071dfbc7 100644
--- a/libavcodec/cavsdec.c
+++ b/libavcodec/cavsdec.c
@@ -1020,6 +1020,9 @@ static int decode_pic(AVSContext *h)
skip_bits(&h->gb, 1); //marker_bit
}
+ if (get_bits_left(&h->gb) < 23)
+ return AVERROR_INVALIDDATA;
+
ret = ff_get_buffer(h->avctx, h->cur.f, h->cur.f->pict_type == AV_PICTURE_TYPE_B ?
0 : AV_GET_BUFFER_FLAG_REF);
if (ret < 0)
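Review bot: the constant in `get_bits_left(&h->gb) < 23` is unexplained. Please add a comment saying which fields after this point make up the 23-bit minimum, or derive it from a named constant, so the check can be kept correct if the header parsing changes. The commit message could also state that the check sits before `ff_get_buffer()` so that truncated input is rejected before the picture allocation is paid for.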
--
2.17.1
* [FFmpeg-devel] [PATCH 6/6] avcodec/bonk: decode multiple passes in intlist_read() at once
From: Michael Niedermayer @ 2023-04-23 22:32 UTC (permalink / raw)
To: FFmpeg development discussions and patches
This makes the worst case much faster
Fixes: Timeout
Fixes: 51363/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5660734784143360
Fixes: 57957/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5874095467397120
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/bonk.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/libavcodec/bonk.c b/libavcodec/bonk.c
index 5f510e4910..4a00270392 100644
--- a/libavcodec/bonk.c
+++ b/libavcodec/bonk.c
@@ -155,6 +155,7 @@ static int intlist_read(BonkContext *s, int *buf, int entries, int base_2_part)
int n_zeros = 0, step = 256, dominant = 0;
int pos = 0, level = 0;
BitCount *bits = s->bits;
+ int passes = 1;
memset(buf, 0, entries * sizeof(*buf));
if (base_2_part) {
@@ -216,24 +217,28 @@ static int intlist_read(BonkContext *s, int *buf, int entries, int base_2_part)
x = 0;
n_zeros = 0;
for (i = 0; n_zeros < entries; i++) {
+ if (x >= max_x)
+ return AVERROR_INVALIDDATA;
+
if (pos >= entries) {
pos = 0;
- level += 1 << low_bits;
+ level += passes << low_bits;
+ passes = 1;
+ if (bits[x].bit && bits[x].count > entries - n_zeros)
+ passes = bits[x].count / (entries - n_zeros);
}
if (level > 1 << 16)
return AVERROR_INVALIDDATA;
- if (x >= max_x)
- return AVERROR_INVALIDDATA;
-
if (buf[pos] >= level) {
if (bits[x].bit)
- buf[pos] += 1 << low_bits;
+ buf[pos] += passes << low_bits;
else
n_zeros++;
- bits[x].count--;
+ av_assert1(bits[x].count >= passes);
+ bits[x].count -= passes;
x += bits[x].count == 0;
}
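Review bot: `av_assert1(bits[x].count >= passes)` is the only guard on `bits[x].count -= passes`, and av_assert1 is checked only in builds with a raised assert level, so elsewhere nothing stops `count` from going below zero, after which `x += bits[x].count == 0` would stop advancing. Please document next to the `passes = bits[x].count / (entries - n_zeros)` line why the invariant holds for a whole pass, or clamp `passes` at the point of use. Separately, `level += passes << low_bits` and `buf[pos] += passes << low_bits` now scale with a value taken from `bits[x].count`, and the `level > 1 << 16` check runs only after the addition; it is worth confirming that `count` is bounded tightly enough that the shift and the add cannot overflow `int`.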
--
2.17.1
* Re: [FFmpeg-devel] [PATCH 1/6] tools/target_dec_fuzzer: Adjust threshold for FMVC
From: Michael Niedermayer @ 2023-04-30 20:03 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On Mon, Apr 24, 2023 at 12:32:31AM +0200, Michael Niedermayer wrote:
> Fixes: Timeout
> Fixes: 56753/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FMVC_fuzzer-5115163557888000
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> tools/target_dec_fuzzer.c | 1 +
> 1 file changed, 1 insertion(+)
will apply patchset
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
The smallest minority on earth is the individual. Those who deny
individual rights cannot claim to be defenders of minorities. - Ayn Rand