From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id 8F70144814
	for <ffmpegdev@gitmailbox.com>; Mon, 28 Nov 2022 00:47:51 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 8510F68B7FA;
	Mon, 28 Nov 2022 02:47:49 +0200 (EET)
Received: from mail-qt1-f180.google.com (mail-qt1-f180.google.com
 [209.85.160.180])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 1E9EB68B0F9
 for <ffmpeg-devel@ffmpeg.org>; Mon, 28 Nov 2022 02:47:43 +0200 (EET)
Received: by mail-qt1-f180.google.com with SMTP id l2so5775271qtq.11
 for <ffmpeg-devel@ffmpeg.org>; Sun, 27 Nov 2022 16:47:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=obe-tv.20210112.gappssmtp.com; s=20210112;
 h=to:subject:message-id:date:from:in-reply-to:references:mime-version
 :from:to:cc:subject:date:message-id:reply-to;
 bh=zaPnb45PNPUOEvvkjJuAD1PWw6BMOixmKcyn29VFxis=;
 b=Zfjm/emoQwYcjYSP7xX37BZrIJHEVGwj3ql0bfJsjBC7xZ7OvUEuDwEpdFmNNKpTlJ
 ArJP/bezkS+seF5c2HK7gPjfeQ+7scNZjg83ChsWtb0rzNyf1qtuv6QZ0qP4EXLGm1Kh
 CBtm0HOLcpHHeAch2yqaFHAhPMNery+KVZUKod9XXhu15xCF4PVI7Hg+OBaPkftTp03G
 lnxmizDe5iKjo0WNtQCNsAAu1kbOdjKVFXoJsq5heClEUsF7u6xoeOp9ftIaMsYLZ0df
 HrhTvEpgfMDcA5yNrwOmS1TGjZaulExa0joI5e8JcEhwPyHAMtb4eoOTp2sEopI/flNk
 7n9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=to:subject:message-id:date:from:in-reply-to:references:mime-version
 :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=zaPnb45PNPUOEvvkjJuAD1PWw6BMOixmKcyn29VFxis=;
 b=kBa4kpIR9pWZlcvFZ+xH+XlSBfglEp+XhsCmzX2TwGe/Dxi+MlILraMngnKkbCr0Qx
 1j1DnnBi3dzZPPV50nEDUmZILcos0L4VygWGO63Rsk/Y9kw8c29x6+1LkKz5sqFFf8K5
 l7Uh32Uxlmo53tYJgA6fsuKEAeQwgch1OeLg3khZR09uHc8yBidBeGyyo1SCpWsnlZk3
 NQt8rGqHb71DHIA82yTZqfxBG4lI4yd/R5ZOFq1VSmv9GZjlfnsYw2qJAOF4s18bhQCw
 B/Yiq6unp8rydT1+/P1fnPAos8BLVQx1BcuHY5w+AaZpVOyaOWrt8B5dVJMGc/Vmw62Y
 gEzg==
X-Gm-Message-State: ANoB5pmyWrDXMASxhycL9Qu3ZJu9uZWt02tXTcXY1Pw588BJlNorEB23
 OsdYTGyOzkztN8DNQmQMIcVa6su+mkuamOl7znOH75vHQSY=
X-Google-Smtp-Source: AA0mqf5ckd+TCzI6PfuTo2zwa0LtHAPPiPeZe2D2UvaVMRuae39lHewG6M14FM8eKwo4eQ+XL86w10jIaatTaNINXt0=
X-Received: by 2002:ac8:65d0:0:b0:3a5:4859:8176 with SMTP id
 t16-20020ac865d0000000b003a548598176mr46144599qto.478.1669596461279; Sun, 27
 Nov 2022 16:47:41 -0800 (PST)
MIME-Version: 1.0
References: <20221127223435.8362-1-michael@niedermayer.cc>
In-Reply-To: <20221127223435.8362-1-michael@niedermayer.cc>
From: Kieran Kunhya <kierank@obe.tv>
Date: Mon, 28 Nov 2022 00:47:32 +0000
Message-ID: <CAK+ULv6mx+j4rf_0+d1EMWTwOB7X7SCg9L5BwAKqE63WtnoKRA@mail.gmail.com>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
Subject: Re: [FFmpeg-devel] [PATCH 1/3] avcodec/mpeg12dec: Check input size
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/CAK+ULv6mx+j4rf_0+d1EMWTwOB7X7SCg9L5BwAKqE63WtnoKRA@mail.gmail.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

On Sun, 27 Nov 2022 at 22:34, Michael Niedermayer <michael@niedermayer.cc>
wrote:

> Fixes: Timeout
> Fixes:
> 53599/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IPU_fuzzer-4950102511058944
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by
> <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>:
> Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/mpeg12dec.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c
> index 914516bbd9..c93368e255 100644
> --- a/libavcodec/mpeg12dec.c
> +++ b/libavcodec/mpeg12dec.c
> @@ -2969,6 +2969,9 @@ static int ipu_decode_frame(AVCodecContext *avctx,
> AVFrame *frame,
>      GetBitContext *gb = &m->gb;
>      int ret;
>
> +    if (avpkt->size*8LL < (avctx->width+15)/16 * ((avctx->height+15)/16)
> * 2 * 7)
> +        return AVERROR_INVALIDDATA;
> +
>      ret = ff_get_buffer(avctx, frame, 0);
>      if (ret < 0)
>          return ret;
>

Where does this AVPacket limitation come from?
Are you able to explain in a comment where these numbers come from? In
particular the "2 * 7".

Kieran
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".