From: Andreas Rheinhardt
Date: Sat, 27 Apr 2024 11:36:30 +0200
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] [PATCH 1/5] avcodec/pngdec: Check last AVFrame before deref
In-Reply-To: <20240426235211.3718252-1-michael@niedermayer.cc>
References: <20240426235211.3718252-1-michael@niedermayer.cc>

Michael Niedermayer:
> Fixes: NULL pointer dereference
> Fixes: 68184/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-4926478069334016
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer
> --- > libavcodec/pngdec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c > index f7751223b81..b24bfa248dc 100644 > --- a/libavcodec/pngdec.c > +++ b/libavcodec/pngdec.c 
> @@ -1218,7 +1218,7 @@ static int decode_fctl_chunk(AVCodecContext *avctx, PNGDecContext *s, > return AVERROR_INVALIDDATA; > } > > - if ((sequence_number == 0 || !s->last_picture.f->data[0]) && > + if ((sequence_number == 0 || !s->last_picture.f || !s->last_picture.f->data[0]) && > dispose_op == APNG_DISPOSE_OP_PREVIOUS) { > // No previous frame to revert to for the first frame > // Spec says to just treat it as a APNG_DISPOSE_OP_BACKGROUND

Just checking for !s->last_picture.f is enough -- s->last_picture.f is set if and only if s->last_picture.f->data[0] is set.

- Andreas
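
Review bot: The comment under the changed condition in decode_fctl_chunk() still reads "No previous frame to revert to for the first frame", which no longer matches a test that also fires when `s->last_picture.f` itself is NULL; please extend the comment to name that case. The commit message should also say under what circumstances `s->last_picture.f` is NULL at this point, because "Fixes: NULL pointer dereference" alone does not tell a reader whether other dereferences of `s->last_picture.f` need the same guard.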