Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
 help / color / mirror / Atom feed
* [FFmpeg-devel] [PATCH 1/6] avcodec/osq: Check that pkt_offset does not exceed pkt size
@ 2023-09-21 18:09 Michael Niedermayer
  2023-09-21 18:09 ` [FFmpeg-devel] [PATCH 2/6] avcodec/wavarc: Fix integer overflwo in do_stereo() Michael Niedermayer
                   ` (5 more replies)
  0 siblings, 6 replies; 12+ messages in thread
From: Michael Niedermayer @ 2023-09-21 18:09 UTC (permalink / raw)
  To: FFmpeg development discussions and patches

Fixes: out of array access
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6227491892887552
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6268561729126400
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6414805046788096
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6538151088488448
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6608131540779008

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/osq.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/osq.c b/libavcodec/osq.c
index e7f11691d2e..bcc75fef6fc 100644
--- a/libavcodec/osq.c
+++ b/libavcodec/osq.c
@@ -408,6 +408,9 @@ static int osq_receive_frame(AVCodecContext *avctx, AVFrame *frame)
     GetBitContext *gb = &s->gb;
     int ret, n;
 
+    if (s->pkt_offset > s->pkt->size)
+        s->pkt_offset = 0;
+
     while (s->bitstream_size < s->max_framesize) {
         int size;
 
-- 
2.17.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 12+ messages in thread
end of thread, other threads:[~2023-10-03 14:32 UTC | newest]

Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-09-21 18:09 [FFmpeg-devel] [PATCH 1/6] avcodec/osq: Check that pkt_offset does not exceed pkt size Michael Niedermayer
2023-09-21 18:09 ` [FFmpeg-devel] [PATCH 2/6] avcodec/wavarc: Fix integer overflwo in do_stereo() Michael Niedermayer
2023-10-03 14:32   ` Michael Niedermayer
2023-09-21 18:09 ` [FFmpeg-devel] [PATCH 3/6] avcodec/wavarc: Allocate AV_INPUT_BUFFER_PADDING_SIZE Michael Niedermayer
2023-09-21 18:09 ` [FFmpeg-devel] [PATCH 4/6] avcodec/wavarc: Check k in decode_5elp() Michael Niedermayer
2023-09-21 18:09 ` [FFmpeg-devel] [PATCH 5/6] avcodec/jpegxl_parse: Cleanup on error in read_vlc_prefix() Michael Niedermayer
2023-09-21 18:09 ` [FFmpeg-devel] [PATCH 6/6] avformat/mov: Check avif_info Michael Niedermayer
2023-09-28 10:37   ` Anton Khirnov
2023-09-29 19:35     ` Michael Niedermayer
2023-09-21 18:14 ` [FFmpeg-devel] [PATCH 1/6] avcodec/osq: Check that pkt_offset does not exceed pkt size Paul B Mahol
2023-09-22 16:47   ` Michael Niedermayer
2023-09-22 17:36     ` Paul B Mahol

Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
		ffmpegdev@gitmailbox.com
	public-inbox-index ffmpegdev

Example config snippet for mirrors.


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git