From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 3F09B49A34 for ; Sat, 27 Apr 2024 11:14:08 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id D997A68D2A7; Sat, 27 Apr 2024 14:14:05 +0300 (EEST) Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-db3eur04olkn2073.outbound.protection.outlook.com [40.92.74.73]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 0D3BD68CEC6 for ; Sat, 27 Apr 2024 14:13:59 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QFpJeGZowWq3qv2qQubzINkws7iAzVCCs5sIS3iUmwjqyNsE3CFYPDhDV1u9hHgBT5cX2diR590GGyTD2wsR9D1K0TQ08wV2i+9kcyWT8Cm3SpburHKUSlQhWaidkMAm7lvj+cvI+qSQUKJKa2hqnDvCF4oBZlwMnAsexcsz6wb8gyQPOb5/K6HdrxoSAf9HK9Nas09DSxlPwAX3la+WxeOC8D4ED8Qeft/83u0a2GlZNbHLkjQewqRlFBRJ+itdEAHX/tWFHy5zfVb4epR0xnVP27spW4kFxaP23dW20rD+De5HqaBK1Nb8TuNkXBx6gAcoUESSSvxzHupTTzyA2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=W2OvV3OLUqLyzc8CX2dv6otVjAsOUYjDsjdOKOntGIw=; b=jWwjkWtYNN3LBGyQWHEvftZJ5wE5d1Bk2UXA89h4mvtFAxQriDWwifRQW1QGy3RFnKeANA2i0CIgdQPoXscYiaRnGpeFUYHK93hoMUzJLfu7vdlzFaa5X/eqF9Xkv8S4h+H6IPyBQKK3nIsgYoWk3xx1f47E/wsHWeQBdkqglY1L3Ah8HlHCOn5K54bn+yyxa4H/X2gTN0Ye7mjvwY9DPC5tJuRd9WShORYGLjwn4GmjIY5dH7KVYRJJK33TIvAkDrm9/Jjm65m2WT4vC4LkZNZEaBvUmVvod8yzoj4wSuGP4Q/AV6dUgnwTOBIYBsti/qXP16afwZUV/QQv/vzslA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=W2OvV3OLUqLyzc8CX2dv6otVjAsOUYjDsjdOKOntGIw=; b=OAF6T0VWWHe8rm03d1GhKVV11lI0gk+OfRxZjTuTb3VIGutJ5e48a81luMllmxbwb552KuoQy6iKnRMC9aZB1eIoT6emcd0f0QbhoAkxe8JwJUv1fFsFI8Tpp3434mL+DaTF0Q/lNTl0UJLBzNUrVC6jNzEK/NwbB+lZJ8frL+LxHvX5DZP9D9Row0NpkdxHlKJdRtz3c4flu7XdNGcjgrvUsf8xK8tq0ypbUHdlzKxkdDpnTfiSH63C5EO1F1v2HJmuEhTCvLmYm/yUoko1zVnDNkQANJ2ORTslQq3mmzEnjWvXED7OmvPteBHGcSzJb3RY+6XH/72wxIrn+2fxUQ== Received: from AS8P250MB0744.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:541::14) by PR3P250MB0305.EURP250.PROD.OUTLOOK.COM (2603:10a6:102:17c::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7519.31; Sat, 27 Apr 2024 11:13:57 +0000 Received: from AS8P250MB0744.EURP250.PROD.OUTLOOK.COM ([fe80::1f29:8206:b8c3:45bb]) by AS8P250MB0744.EURP250.PROD.OUTLOOK.COM ([fe80::1f29:8206:b8c3:45bb%3]) with mapi id 15.20.7409.042; Sat, 27 Apr 2024 11:13:57 +0000 Message-ID: Date: Sat, 27 Apr 2024 13:13:54 +0200 User-Agent: Mozilla Thunderbird To: ffmpeg-devel@ffmpeg.org References: <20240426235211.3718252-1-michael@niedermayer.cc> <20240426235211.3718252-3-michael@niedermayer.cc> Content-Language: en-US From: Andreas Rheinhardt In-Reply-To: <20240426235211.3718252-3-michael@niedermayer.cc> X-TMN: [4x7fNbs0zCuJP/ahvafiSiEOv3B7isWLNQNuEDyakxM=] X-ClientProxiedBy: ZR0P278CA0057.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:21::8) To AS8P250MB0744.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:541::14) X-Microsoft-Original-Message-ID: MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8P250MB0744:EE_|PR3P250MB0305:EE_ X-MS-Office365-Filtering-Correlation-Id: 5a4c985d-2bb6-426d-8757-08dc66ab21d1 X-Microsoft-Antispam: BCL:0; ARA:14566002|461199019|1602099003|440099019|3412199016; X-Microsoft-Antispam-Message-Info: GArI34O4Lei5tZyHe65P1IIZwH5RjWVJ9XJ96mpG7QOPFFhfui5r0ZmEztxgCYSEHjWLrhiVKW1JG0Mofz7SAgBjcbrXyesCEUYPrlBt5aZ16T1L4mrMQoVXViyeQZjqitiwNOxMP4e06/WLzFRwcGeH3IRPCbm7ivq1jtawWsHQK0cZrbfAZ9XNtCgoUZ07hKF0SEoc9+UdU9NP8LNpivoy1TDRFuTFsGOBkBmabINX6O98AJFlaaivmPeU1eEU1XcUxSnaqiMTtcijnhNL4BDTjlQRe2GryNNjmDJl0XFVhHwbowNHzlG2ftxgu2o1IHi6USEHea8a0kb7UgkrcbNChlvTfR9jJjyJB24VpRnIcmxRLUHBBIi1zDmYrujApuWGaMW0AaKZYieaolIcfHAlkfK13uE0bbuAVKCqTj53CuseA+EDKP6Wfka3rRiHm1TlNTWH6KpCwwTw/Lj0zXuI9eMIfY5+N/OPZi1ailwp70hdiNYJs3N4645Eb6cgGTFm68Ln80q1ymqVcrVMxcm6F6Qe0u7itYDJLWHiHwz7Tm8vLTKz2wxKQrJzCVS3/e1nS24laQMDHpecPrYUiVNj08SCRMBRNUR2k/8JL4KsUctsbklMH4ATszwcgWHwUqYfb/JZLJF/TdxQx8H3XNBM7SxgkMBfoXYANZjnqMA= X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?VjFUWGYvVGZUNHU5ZTRUS2tyYjdJSURBQTl0QkVqalc5RVBMOGs4NHFGRU9N?= =?utf-8?B?ZDBsOFczbE9OMWNFSkNLRER2MDlOOFhFcFEwaVk5cVpHOXcrTU9wanZua0Yz?= =?utf-8?B?NDZXaEh4SlZ2cWdsdlNkeUwybHA3Q0dCSjE3c0pBdXM2c2VaemlzaW9KUkhN?= =?utf-8?B?bGFLRE9NVXFibStiZmo1ajNFazNTZlkrZVhralBIWDBJWUtaRHpzMGJHcUJP?= =?utf-8?B?MlFtSXZNcmxwN3RuWEtqbGpKZGZzcW81MkZYTmhSNUlEdktzalJFSFlNSTFZ?= =?utf-8?B?ME1TZW9qb2k2WXlwa1NBR3BuRG9kWEVnamtwWnM4bi8rckR6M0t0cVdRd0hZ?= =?utf-8?B?UmZyNWJZTlc3SVpaenJqd3BRUC94dFZ5RzhoeEV0ZkxnSFFTOG5rTEJMZHdh?= =?utf-8?B?amtORjl3Qm1WWUM4N2pEY3p5elVySm5wRFRkUlEyejM2d2IyTmdMY1JWUDdU?= =?utf-8?B?dHppaUx3TWpHOGROLzdYV1NXSDc5aVA5QXU0R0YwUU5RRlZlRHA1QmVzQzJ0?= =?utf-8?B?bk9Qd0lCQVpFS1hqeFdackdTTUFtMElBZzVOQjNwazhIdXl6VCsrTG15K0N0?= =?utf-8?B?UWNrVlFxbVdHVE84K3JDc1RJd1pYbVlINm5KcXc1R255bXA5d1Q2QVVpNXIw?= =?utf-8?B?LzVjamtOdm9JVUdwZjk1N0V5TmNBY3I1R0NoODRrMUEwWlhhZ2pWSy9temdt?= =?utf-8?B?Y0x3V1RSWEpJeHlXWEE3dnpvaUdtb1ZNUmtrWDVlbWxKUE9tSmtKUnlnY0FM?= =?utf-8?B?WHMyNU45c1V5dU9RbDhpYmZqMkp5UmV2V3lTRDR1M3pmM2NRZUdQcXRzMHpt?= =?utf-8?B?WWhuaklScGt1NDRQK1JnN0ttdzhDZzAxSVI3ZmZmeUxmWk9WSkJRTlJQbHlx?= =?utf-8?B?QWwwYkJHbjhPT0ptL3ZhdEJSVzRnZEpyYU1XaFoxSVU1aENFdVVxbVJJR1Ay?= =?utf-8?B?VFNpTW92cnlLY04rTkw5d2t0UGxvZm5uL1BwZWJiTHpSTzVQSTJmYkJpZmdE?= =?utf-8?B?WGpwNEhFSUc0MWFhelkrUVI4aEhRdlB3ZVAvUWNuNjFZL0tvdzZGK2F1U1Rr?= =?utf-8?B?aGdLbmpicGFQZjB0dHpJTGtKUHJkL0xBVjdSSm5XdDFiOUxpWENtTzN6clF0?= =?utf-8?B?djBxbXc1YjhEa2NzSExHTmd2bUhSYVkxSlpoMVdsem9hR09ZZlJjM3BqRjds?= =?utf-8?B?dkpFZWF0N0JTQW1EQ0c3TkxCRVE2VzFxSlpHcHd1MnI5QU5QK0lSbjgzeHN2?= =?utf-8?B?L0JYVVU1MU90b29qTFA2OUxMck1zWGZ0MzF4S3lqU3hRTmZvSHRNZGFaUlli?= =?utf-8?B?dVQyNmVGWU9OMjFRNWZzMmdpMjVVWXhvb1Z4dHV3dXM1K3RzSnZDemtPbWdq?= =?utf-8?B?SG5OZHp0dUs4Yy9iTmtEeWM4Y3BiTnJnOGRBNC9ZMGZQQ0hQekdla1Y1YkNB?= =?utf-8?B?TFo0Yk8zNllMVEpwMG83Nk50cENtZmVkTnFBMGMwSzVUMVl4M3JOY3lBdHpB?= =?utf-8?B?UUFMMzJiWC9VaUExRmlJWEN3NlU0RzBSbkNIS3NvbDBwVUUxNkNiYXhTZkEx?= =?utf-8?B?Um9Vc1UxYlhoUFZjbGprTCsxbCtDRnZLQ3pvUndSNWVOWG1WYWkrdHZUUytj?= =?utf-8?B?MDRHSVhVY0xYRzBlZXNQQWpmU20rVkR2UTF2QUJuWFh1TkJBL24vZ3cyUTBs?= =?utf-8?B?aU1nNUorVko4UmF0TkpxWTZqNW9YWXhyN1VBMlV4NmZoaWpRd1hxQzlBPT0=?= X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5a4c985d-2bb6-426d-8757-08dc66ab21d1 X-MS-Exchange-CrossTenant-AuthSource: AS8P250MB0744.EURP250.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Apr 2024 11:13:57.3948 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3P250MB0305 Subject: Re: [FFmpeg-devel] [PATCH 3/5] avcodec/decode: Check progress before dereferencing X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: Michael Niedermayer: > Fixes: NULL pointer dereference > Fixes: 68192/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP8_fuzzer-6180311026171904 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer > --- > libavcodec/decode.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/libavcodec/decode.c b/libavcodec/decode.c > index d031b1ca176..a6131941f43 100644 > --- a/libavcodec/decode.c > +++ b/libavcodec/decode.c > @@ -1744,6 +1744,8 @@ void ff_progress_frame_report(ProgressFrame *f, int n) > > void ff_progress_frame_await(const ProgressFrame *f, int n) > { > + if (!f->progress) > + return; > ff_thread_progress_await(&f->progress->progress, n); > } > Can I get the sample? I see two places in VP8 where the VP8Frame pointers are set before the actual frame inside it is properly allocated. (Actually, it was intended for this API to not support waiting on non-existent frames (i.e. let the caller check for this; in most instances, it is already guaranteed that the frame one waits one exists, so this is unnecessary for them).) - Andreas _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".