* [FFmpeg-devel] [PATCH 1/4] bsf/media100_to_mjpegb: Clear output buffer padding
From: Michael Niedermayer @ 2024-08-04 14:23 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Fixes: use-of-uninitialized-value
Fixes: 70855/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MEDIA100_fuzzer-5537446610141184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/bsf/media100_to_mjpegb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libavcodec/bsf/media100_to_mjpegb.c b/libavcodec/bsf/media100_to_mjpegb.c
index 6e117ae20fb..4b2dc1a35ac 100644
--- a/libavcodec/bsf/media100_to_mjpegb.c
+++ b/libavcodec/bsf/media100_to_mjpegb.c
@@ -148,6 +148,7 @@ second_field:
AV_WB32(out->data + second_field_offset + 36, sod_offset[1] - second_field_offset);
out->size = bytestream2_tell_p(&pb);
+ memset(out->data + out->size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
ret = av_packet_copy_props(out, in);
if (ret < 0)
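Review bot: the memset at `out->data + out->size` writes AV_INPUT_BUFFER_PADDING_SIZE bytes past the packet's logical end, so it is only safe if `out` was allocated with that padding slack (as av_new_packet guarantees); the allocation is not in this hunk, so a one-line comment next to the memset stating that invariant would make the intent clear to the next reader. The zero fill itself is the right fix rather than a workaround: lavc's packet contract requires the padding region to be zeroed because bitstream readers may read past `out->size` into it, which is what the use-of-uninitialized-value report in the commit message points at, and placing it right after `out->size` is set means the padding is cleared for every exit path that returns the packet.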
--
2.45.2
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
* [FFmpeg-devel] [PATCH 2/4] avformat/jpegxl_anim_dec: initialize bit buffer
From: Michael Niedermayer @ 2024-08-04 14:23 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Fixes: use-of-uninitialized-value
Fixes: 70837/clusterfuzz-testcase-minimized-ffmpeg_dem_JPEGXL_ANIM_fuzzer-5089407768526848
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavformat/jpegxl_anim_dec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/jpegxl_anim_dec.c b/libavformat/jpegxl_anim_dec.c
index ac95d3b9617..3045167e1f9 100644
--- a/libavformat/jpegxl_anim_dec.c
+++ b/libavformat/jpegxl_anim_dec.c
@@ -77,7 +77,7 @@ static int jpegxl_anim_read_header(AVFormatContext *s)
JXLAnimDemuxContext *ctx = s->priv_data;
AVIOContext *pb = s->pb;
AVStream *st;
- uint8_t head[256 + AV_INPUT_BUFFER_PADDING_SIZE];
+ uint8_t head[256 + AV_INPUT_BUFFER_PADDING_SIZE] = {0};
const int sizeofhead = sizeof(head) - AV_INPUT_BUFFER_PADDING_SIZE;
int headsize = 0, ret;
FFJXLMetadata meta = { 0 };
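Review bot: the `= {0}` initialiser zeroes the whole 256 + AV_INPUT_BUFFER_PADDING_SIZE byte array on every header probe, although only the bytes beyond the part actually filled from `pb` (the tail a bit reader may over-read) can be uninitialised; clearing just that tail once the read length is known, e.g. `memset(head + headsize, 0, sizeof(head) - headsize)` assuming `headsize` ends up holding the number of bytes read, is tighter and documents which bytes the reader is allowed to touch. Either way the zero fill only makes the over-read harmless; it is worth confirming that the consumer of `head` is bounded to `headsize + AV_INPUT_BUFFER_PADDING_SIZE` rather than relying on the zeros to stop it.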
--
2.45.2
* [FFmpeg-devel] [PATCH 3/4] avcodec/mvha: Clear remaining space after inflate()
From: Michael Niedermayer @ 2024-08-04 14:23 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Fixes: use-of-uninitialized-value
Fixes: 70838/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MVHA_fuzzer-4878509466517504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/mvha.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavcodec/mvha.c b/libavcodec/mvha.c
index 24dd88e8542..4aad56640ee 100644
--- a/libavcodec/mvha.c
+++ b/libavcodec/mvha.c
@@ -183,6 +183,8 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
av_log(avctx, AV_LOG_ERROR, "Inflate error: %d\n", ret);
return AVERROR_EXTERNAL;
}
+ if (zstream->avail_out > 0)
+ memset(zstream->next_out, 0, zstream->avail_out);
}
}
} else if (type == MKTAG('H','U','F','Y')) {
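Review bot: the `avail_out > 0` guard is redundant (a zero-length memset is a no-op, and `avail_out` is unsigned so the test is just `!= 0`), but the real question is whether a short inflate output should be silently zero-filled. After a successful inflate `next_out`/`avail_out` describe the unwritten remainder of the frame buffer, so the memset is correct, yet a payload that decompresses to fewer bytes than the frame needs is truncated input, and an `av_log(avctx, AV_LOG_DEBUG, ...)` of the shortfall (or treating it like the inflate error a few lines up) would make that visible instead of hiding it. If zero fill is the intended behaviour for short frames, a comment saying so would help.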
--
2.45.2
* [FFmpeg-devel] [PATCH 4/4] avformat/wavdec: Check if there are 16 bytes before testing them
From: Michael Niedermayer @ 2024-08-04 14:23 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Fixes: use-of-uninitialized-value
Fixes: 70839/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5212907590189056
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavformat/wavdec.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/libavformat/wavdec.c b/libavformat/wavdec.c
index 00856a5eca2..78e37b88d75 100644
--- a/libavformat/wavdec.c
+++ b/libavformat/wavdec.c
@@ -874,8 +874,7 @@ static int w64_read_header(AVFormatContext *s)
uint8_t guid[16];
int ret;
- avio_read(pb, guid, 16);
- if (memcmp(guid, ff_w64_guid_riff, 16))
+ if (avio_read(pb, guid, 16) != 16 || memcmp(guid, ff_w64_guid_riff, 16))
return AVERROR_INVALIDDATA;
/* riff + wave + fmt + sizes */
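Review bot: folding the short-read check into the memcmp condition loses the reason for failure: `avio_read` returns the byte count or a negative AVERROR, so an I/O error or EOF before 16 bytes is now reported as AVERROR_INVALIDDATA. Since `ret` is already declared two lines up, `ret = avio_read(pb, guid, 16); if (ret < 0) return ret; if (ret != 16 || memcmp(guid, ff_w64_guid_riff, 16)) return AVERROR_INVALIDDATA;` keeps the fix while preserving the underlying error code. Checking the count before the memcmp is the right fix for the uninitialized read, since `guid` is never initialised on the stack and the old code compared it regardless of how much was read.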
--
2.45.2
* Re: [FFmpeg-devel] [PATCH 2/4] avformat/jpegxl_anim_dec: initialize bit buffer
From: Kacper Michajlow @ 2024-08-05 0:08 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On Sun, 4 Aug 2024 at 16:23, Michael Niedermayer <michael@niedermayer.cc> wrote:
>
> Fixes: use-of-uninitialized-value
> Fixes: 70837/clusterfuzz-testcase-minimized-ffmpeg_dem_JPEGXL_ANIM_fuzzer-5089407768526848
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavformat/jpegxl_anim_dec.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/jpegxl_anim_dec.c b/libavformat/jpegxl_anim_dec.c
> index ac95d3b9617..3045167e1f9 100644
> --- a/libavformat/jpegxl_anim_dec.c
> +++ b/libavformat/jpegxl_anim_dec.c
> @@ -77,7 +77,7 @@ static int jpegxl_anim_read_header(AVFormatContext *s)
> JXLAnimDemuxContext *ctx = s->priv_data;
> AVIOContext *pb = s->pb;
> AVStream *st;
> - uint8_t head[256 + AV_INPUT_BUFFER_PADDING_SIZE];
> + uint8_t head[256 + AV_INPUT_BUFFER_PADDING_SIZE] = {0};
> const int sizeofhead = sizeof(head) - AV_INPUT_BUFFER_PADDING_SIZE;
> int headsize = 0, ret;
> FFJXLMetadata meta = { 0 };
> --
> 2.45.2
Not sure it is required to zero the whole buffer. I sent an
alternative patch some time ago, which clears only the relevant area.
https://patchwork.ffmpeg.org/project/ffmpeg/patch/20240627004037.1336-4-kasper93@gmail.com/
- Kacper
* Re: [FFmpeg-devel] [PATCH 2/4] avformat/jpegxl_anim_dec: initialize bit buffer
From: Michael Niedermayer @ 2024-08-05 19:37 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On Mon, Aug 05, 2024 at 02:08:06AM +0200, Kacper Michajlow wrote:
> On Sun, 4 Aug 2024 at 16:23, Michael Niedermayer <michael@niedermayer.cc> wrote:
> >
> > Fixes: use-of-uninitialized-value
> > Fixes: 70837/clusterfuzz-testcase-minimized-ffmpeg_dem_JPEGXL_ANIM_fuzzer-5089407768526848
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> > libavformat/jpegxl_anim_dec.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libavformat/jpegxl_anim_dec.c b/libavformat/jpegxl_anim_dec.c
> > index ac95d3b9617..3045167e1f9 100644
> > --- a/libavformat/jpegxl_anim_dec.c
> > +++ b/libavformat/jpegxl_anim_dec.c
> > @@ -77,7 +77,7 @@ static int jpegxl_anim_read_header(AVFormatContext *s)
> > JXLAnimDemuxContext *ctx = s->priv_data;
> > AVIOContext *pb = s->pb;
> > AVStream *st;
> > - uint8_t head[256 + AV_INPUT_BUFFER_PADDING_SIZE];
> > + uint8_t head[256 + AV_INPUT_BUFFER_PADDING_SIZE] = {0};
> > const int sizeofhead = sizeof(head) - AV_INPUT_BUFFER_PADDING_SIZE;
> > int headsize = 0, ret;
> > FFJXLMetadata meta = { 0 };
> > --
> > 2.45.2
>
> Not sure it is required to zero the whole buffer. I sent an
> alternative patch some time ago, which clears only the relevant area.
> https://patchwork.ffmpeg.org/project/ffmpeg/patch/20240627004037.1336-4-kasper93@gmail.com/
I'll apply yours then instead
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
I am the wisest man alive, for I know one thing, and that is that I know
nothing. -- Socrates
* Re: [FFmpeg-devel] [PATCH 4/4] avformat/wavdec: Check if there are 16 bytes before testing them
From: Michael Niedermayer @ 2024-08-05 20:34 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On Sun, Aug 04, 2024 at 04:23:15PM +0200, Michael Niedermayer wrote:
> Fixes: use-of-uninitialized-value
> Fixes: 70839/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5212907590189056
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavformat/wavdec.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
will apply
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
What does censorship reveal? It reveals fear. -- Julian Assange
* Re: [FFmpeg-devel] [PATCH 1/4] bsf/media100_to_mjpegb: Clear output buffer padding
From: Michael Niedermayer @ 2024-08-14 15:08 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On Sun, Aug 04, 2024 at 04:23:12PM +0200, Michael Niedermayer wrote:
> Fixes: use-of-uninitialized-value
> Fixes: 70855/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MEDIA100_fuzzer-5537446610141184
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavcodec/bsf/media100_to_mjpegb.c | 1 +
> 1 file changed, 1 insertion(+)
will apply the remaining 2 patches of this set
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Any man who breaks a law that conscience tells him is unjust and willingly
accepts the penalty by staying in jail in order to arouse the conscience of
the community on the injustice of the law is at that moment expressing the
very highest respect for law. - Martin Luther King Jr