Message-ID: <40908cf3-7e3a-4a57-a23e-43bf153c20bd@gmail.com>
Date: Wed, 26 Jun 2024 21:52:44 -0300
From: James Almer
To: ffmpeg-devel@ffmpeg.org
In-Reply-To: <20240322230818.18997-1-michael@niedermayer.cc>
Subject: Re: [FFmpeg-devel] [PATCH 1/3] avformat/cafdec: sanity check channels and bps

On 3/22/2024 8:08 PM, Michael Niedermayer wrote:
> Fixes: Timeout
> Fixes: 67044/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5791144363491328
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer
> ---
>  libavformat/cafdec.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c
> index 426c56b9bd..334077efb5 100644
> --- a/libavformat/cafdec.c
> +++ b/libavformat/cafdec.c
> @@ -33,6 +33,7 @@
>  #include "isom.h"
>  #include "mov_chan.h"
>  #include "libavcodec/flac.h"
> +#include "libavcodec/internal.h"
>  #include "libavutil/intreadwrite.h"
>  #include "libavutil/intfloat.h"
>  #include "libavutil/dict.h"
> @@ -87,6 +88,10 @@ static int read_desc_chunk(AVFormatContext *s)
>      st->codecpar->ch_layout.nb_channels = avio_rb32(pb);
>      st->codecpar->bits_per_coded_sample = avio_rb32(pb);
>
> +    if (st->codecpar->ch_layout.nb_channels > FF_SANE_NB_CHANNELS ||
> +        st->codecpar->bits_per_coded_sample > 64)

Where does the process take so long that oss-fuzz gets a timeout if these are unreasonably high? I don't see nb_channels used anywhere in here where that matters. Is it in the PCM decoder? Because that decoder is meant to handle any arbitrary number of channels, so limiting it to whatever FF_SANE_NB_CHANNELS is set to is not ok.

And is the bits_per_coded_sample > 64 check to prevent codec_id being AV_CODEC_ID_NONE? If so, how does that affect demuxing time? AV_CODEC_ID_NONE for that matter could happen for valid files with a codec we don't currently support.

> +        return AVERROR_INVALIDDATA;
> +
>      if (caf->bytes_per_packet < 0 || caf->frames_per_packet < 0 || st->codecpar->ch_layout.nb_channels < 0)
>          return AVERROR_INVALIDDATA;
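Review bot: in the first hunk, `#include "libavcodec/internal.h"` makes a libavformat demuxer depend on a libavcodec private header, presumably only to get FF_SANE_NB_CHANNELS for the check in the second hunk; it would be cleaner to express the bound with a limit libavformat already owns, or to say in the commit message why a lavc-internal constant is the right one for a container-level sanity check.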
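Review bot: in the second hunk, the new early return sits two lines above an existing check on the same field (`st->codecpar->ch_layout.nb_channels < 0`) that also returns AVERROR_INVALIDDATA, so the `> FF_SANE_NB_CHANNELS` and `bits_per_coded_sample > 64` conditions could be folded into that existing `if` instead of adding a second block. The commit message says only "Fixes: Timeout" and the hunk has no comment, so nothing in the patch records which code path becomes slow for large values or why 64 and FF_SANE_NB_CHANNELS are the chosen bounds; a one-line comment above the check (or a sentence in the commit message) would let reviewers judge whether the limits reject files that are otherwise valid.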