From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id 9059244DBC
	for <ffmpegdev@gitmailbox.com>; Mon, 27 Mar 2023 00:45:23 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id EC51E68C5C9;
	Mon, 27 Mar 2023 03:45:19 +0300 (EEST)
Received: from mail-qt1-f179.google.com (mail-qt1-f179.google.com
 [209.85.160.179])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 8BB8F68C570
 for <ffmpeg-devel@ffmpeg.org>; Mon, 27 Mar 2023 03:45:13 +0300 (EEST)
Received: by mail-qt1-f179.google.com with SMTP id s12so3471436qtx.11
 for <ffmpeg-devel@ffmpeg.org>; Sun, 26 Mar 2023 17:45:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=obe-tv.20210112.gappssmtp.com; s=20210112; t=1679877912;
 h=to:subject:message-id:date:from:in-reply-to:references:mime-version
 :from:to:cc:subject:date:message-id:reply-to;
 bh=UY35SqgGJRzY/HeBZT3y8nDf9FxPuebXY6qAtAEJ/s4=;
 b=hj0yN5FzY8enc8ofoJgKUhQojEyFusykYVK4kpBaK5vT2jHOeU9ASa9vUeSEJFaCjH
 Ce5WrflTwAid57rrzUx7CW6f1vcVvgKJpwGWPsYCHPjfTwZDGs+0Gy48p7cvHtSYuDQy
 6TjgyV02F9+D5yaOXjBCNg7Fo5sZsPGBO+cRwgjDkensMToU7iy44KTKFLLTO5PQv6RW
 6AelDAPBLLfQbIBEV7W7bDLsJfrxXWaJJ2eT6OHIxG0xJOkvNRFQniQe5fuObO4UPD2k
 c6PflH/bqxmx32c+/BxiarWlLQHLWZahlMUlK0prtbOFhZ/tOWEqiOjjrsVzmZDL/YBJ
 UUjQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112; t=1679877912;
 h=to:subject:message-id:date:from:in-reply-to:references:mime-version
 :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=UY35SqgGJRzY/HeBZT3y8nDf9FxPuebXY6qAtAEJ/s4=;
 b=W2ZyuQ4K8jq6uuhTrh4w7ob6Kk2IMPecEipGZORoue27QKllNxwtrnnPP6ShiFfyre
 kSzaLH2bB6+rsF5RclLzPkFIfv1CbOuBq7TnMmqTPPUb2TCWLqqC7GzICEM4lqFGwCPx
 DlY9bYiBLeyqMzeXWRq6QoGt316lV0b32+iQ5gY2VIcNcWtaW4zOdJmKaxWzG2J0moWW
 JRHLLYC4CS2d/tN1FEHWiXoo28kcu3Qx8WUkcYabAXcEfI5sbI8yR+mQ+imvEkG1i5Sp
 4f4ZAEOF0d+XSAOv7GGC5yTeIZEVP3vdEeao75b8qKnTp0g3Sdd4I+2xcn1OLTGIg83E
 UJhg==
X-Gm-Message-State: AAQBX9c4TIwciY+O/TDQamxOR/xq2aYXx8Dx0OkqNoWG+cwqwYsvZCze
 dFrGJXsZNfYEX9xGhhx8bogt0fVcvuf/W9NTK40LhYhlsDcNxI7b
X-Google-Smtp-Source: AK7set99hqss/JN0OZvzQA7I/mwvDasLpUL+6EOnAsbrG6LKOUb2Wnm8mIBWr+06q4hfrYAEkatw1wNvegVT/Zw5HUo=
X-Received: by 2002:ac8:5905:0:b0:3de:1720:b54b with SMTP id
 5-20020ac85905000000b003de1720b54bmr3763638qty.0.1679877911617; Sun, 26 Mar
 2023 17:45:11 -0700 (PDT)
MIME-Version: 1.0
References: <20230326222642.2489-1-michael@niedermayer.cc>
 <20230326222642.2489-4-michael@niedermayer.cc>
In-Reply-To: <20230326222642.2489-4-michael@niedermayer.cc>
From: Kieran Kunhya <kierank@obe.tv>
Date: Mon, 27 Mar 2023 01:45:01 +0100
Message-ID: <CAK+ULv6TTAaEq8da=NUdt0R1s7DD76bxTY1PnCPf3FEy86hfzg@mail.gmail.com>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
Subject: Re: [FFmpeg-devel] [PATCH 4/4] avcodec/vp3: Check width to avoid
 assertion failure
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/CAK+ULv6TTAaEq8da=NUdt0R1s7DD76bxTY1PnCPf3FEy86hfzg@mail.gmail.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

On Sun, 26 Mar 2023, 23:27 Michael Niedermayer, <michael@niedermayer.cc>
wrote:

> Fixes: Assertion failure on x86-32
> Fixes:
> 39641/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-5925660741206016
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by
> <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>:
> Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/vp3.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
> index 9660def675f..22348559461 100644
> --- a/libavcodec/vp3.c
> +++ b/libavcodec/vp3.c
> @@ -2353,6 +2353,8 @@ static av_cold int vp3_decode_init(AVCodecContext
> *avctx)
>      s->avctx  = avctx;
>      s->width  = FFALIGN(avctx->coded_width, 16);
>      s->height = FFALIGN(avctx->coded_height, 16);
> +    if (s->width < 18)
> +        return AVERROR_PATCHWELCOME;
>      if (avctx->codec_id != AV_CODEC_ID_THEORA)
>          avctx->pix_fmt = AV_PIX_FMT_YUV420P;
>      avctx->chroma_sample_location = AVCHROMA_LOC_CENTER;
> @@ -2919,7 +2921,9 @@ static int theora_decode_header(AVCodecContext
> *avctx, GetBitContext *gb)
>      /* sanity check */
>      if (av_image_check_size(visible_width, visible_height, 0, avctx) < 0
> ||
>          visible_width  + offset_x > s->width ||
> -        visible_height + offset_y > s->height) {
> +        visible_height + offset_y > s->height ||
> +        visible_width < 18
> +    ) {
>          av_log(avctx, AV_LOG_ERROR,
>                 "Invalid frame dimensions - w:%d h:%d x:%d y:%d
> (%dx%d).\n",
>                 visible_width, visible_height, offset_x, offset_y,
> @@ -2965,6 +2969,8 @@ static int theora_decode_header(AVCodecContext
> *avctx, GetBitContext *gb)
>      } else
>          avctx->pix_fmt = AV_PIX_FMT_YUV420P;
>
> +    if (s->width < 18)
> +        return AVERROR_PATCHWELCOME;
>      ret = ff_set_dimensions(avctx, s->width, s->height);
>      if (ret < 0)
>          return ret;
> --
> 2.17.1
>

Please provide some explanation around the number "18"

Kieran

>
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".