Date: Tue, 31 Oct 2023 23:00:20 +0100
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Message-ID: <20231031220020.GV3543730@pb2>
References: <20231012232759.5352-1-michael@niedermayer.cc>
 <CGME20231012232829eucas1p1c53b05760758a881bfeca2caf8bb3e2a@eucas1p1.samsung.com>
 <20231012232759.5352-3-michael@niedermayer.cc>
 <013f01da08d5$d6920140$83b603c0$@samsung.com>
MIME-Version: 1.0
In-Reply-To: <013f01da08d5$d6920140$83b603c0$@samsung.com>
X-GND-Sasl: michael@niedermayer.cc
Subject: Re: [FFmpeg-devel] [PATCH 3/3] avcodec/evc_parse: Check tid


On Fri, Oct 27, 2023 at 03:02:27PM +0200, Dawid Kozinski/Multimedia (PLT) /SRPOL/Staff Engineer/Samsung Electronics wrote:
>
> > -----Original Message-----
> > From: ffmpeg-devel <ffmpeg-devel-bounces@ffmpeg.org> On Behalf Of
> > Michael Niedermayer
> > Sent: Friday, 13 October 2023 01:28
> > To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
> > Subject: [FFmpeg-devel] [PATCH 3/3] avcodec/evc_parse: Check tid
> >
> > The check is based on not infinite looping. It is likely a more strict check can be done
> >
> > Fixes: Infinite loop
> > Fixes: 62473/clusterfuzz-testcase-minimized-
> > ffmpeg_BSF_EVC_FRAME_MERGE_fuzzer-5719883750703104
> > Fixes: 62765/clusterfuzz-testcase-minimized-ffmpeg_dem_EVC_fuzzer-
> > 6448531252314112
> >
> > Found-by: continuous fuzzing process
> > https://protect2.fireeye.com/v1/url?k=3D06e4faf3-676fefea-06e571bc-
> > 74fe485cbfec-11816a289a0e9c00&q=3D1&e=3D16696cd9-38c1-42d0-9196-
> > 8ad7c6d1d0d6&u=3Dhttps%3A%2F%2Fgithub.com%2Fgoogle%2Foss-
> > fuzz%2Ftree%2Fmaster%2Fprojects%2Fffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/evc_parse.c | 3 +++
> >  1 file changed, 3 insertions(+)
> >
> > diff --git a/libavcodec/evc_parse.c b/libavcodec/evc_parse.c index
> > 255706ce61..43b8dabf8b 100644
> > --- a/libavcodec/evc_parse.c
> > +++ b/libavcodec/evc_parse.c
> > @@ -174,6 +174,9 @@ int ff_evc_derive_poc(const EVCParamSets *ps, const
> > EVCParserSliceHeader *sh,
> >          } else {
> >              int SubGopLength =3D 1 << sps->log2_sub_gop_length;
> >=20
> > +            if (tid > (SubGopLength > 1 ? 1 + av_log2(SubGopLength - 1=
) :
> 0))
> > +                return AVERROR_INVALIDDATA;
> > +
> >              if (tid =3D=3D 0) {
> >                  poc->PicOrderCntVal =3D poc->prevPicOrderCntVal +
> SubGopLength;
> >                  poc->DocOffset =3D 0;
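Review bot: The bound on the added `if (tid > ...)` line is harder to read than it needs to be. `SubGopLength` is `1 << sps->log2_sub_gop_length`, so it is always a power of two, and `SubGopLength > 1 ? 1 + av_log2(SubGopLength - 1) : 0` evaluates to `sps->log2_sub_gop_length` in both branches of the ternary. Consider writing `if (tid > sps->log2_sub_gop_length)` and adding a one-line comment that the limit is chosen to prevent the infinite loop named in the commit message, since that message also says a stricter check is likely possible. The early `return AVERROR_INVALIDDATA;` is silent as well; an error log naming the rejected tid would make the listed fuzzer cases easier to triage.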
> > --
>
> Looks good

will apply

thx

[...]
--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The educated differ from the uneducated as much as the living from the
dead. -- Aristotle
