[FFmpeg-devel] [PATCH 1/3] tools/target_dec_fuzzer: Adjust threshold for SIMBIOSIS_IMX

[FFmpeg-devel] [PATCH 1/3] tools/target_dec_fuzzer: Adjust threshold for SIMBIOSIS_IMX

[Michael Niedermayer]

Fixes: Timeout
Fixes: 47892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SIMBIOSIS_IMX_fuzzer-5160609278197760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 tools/target_dec_fuzzer.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index fefc8514f0..8bf8761574 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -256,6 +256,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     case AV_CODEC_ID_SANM:        maxpixels  /= 16;    break;
     case AV_CODEC_ID_SCPR:        maxpixels  /= 32;    break;
     case AV_CODEC_ID_SCREENPRESSO:maxpixels  /= 64;    break;
+    case AV_CODEC_ID_SIMBIOSIS_IMX: maxpixels /= 16384;break;
     case AV_CODEC_ID_SMACKVIDEO:  maxpixels  /= 64;    break;
     case AV_CODEC_ID_SNOW:        maxpixels  /= 128;   break;
     case AV_CODEC_ID_TARGA:       maxpixels  /= 128;   break;
-- 
2.17.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 2/3] avformat/mov: Check the item count in iloc better

[Michael Niedermayer]

Fixes: out of array access
Fixes: 47899/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5706852010164224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/mov.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index fa471c45ea..3f7b0e3ed1 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -7501,12 +7501,12 @@ static int mov_read_iloc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
         return AVERROR_PATCHWELCOME;
     }
     item_count = (version < 2) ? avio_rb16(pb) : avio_rb32(pb);
-    if (item_count > 1) {
+    if (item_count != 1) {
         // For still AVIF images, we only support one item. Second item will
         // generally be found for AVIF images with alpha channel. We don't
         // support them as of now.
-        av_log(c->fc, AV_LOG_ERROR, "iloc: item_count > 1 not supported.\n");
-        return AVERROR_PATCHWELCOME;
+        av_log(c->fc, AV_LOG_ERROR, "iloc: item_count != 1 not supported.\n");
+        return item_count ? AVERROR_PATCHWELCOME : AVERROR_INVALIDDATA;
     }
 
     // Populate the necessary fields used by mov_build_index.
-- 
2.17.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 3/3] avcodec/bink: disallow odd positioned scaled blocks

[Michael Niedermayer]

Fixes: out of array access
Fixes: 47911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6194020855971840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/bink.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/bink.c b/libavcodec/bink.c
index ce740ad275..ed4406d97d 100644
--- a/libavcodec/bink.c
+++ b/libavcodec/bink.c
@@ -1088,7 +1088,7 @@ static int bink_decode_plane(BinkContext *c, AVFrame *frame, GetBitContext *gb,
         for (bx = 0; bx < bw; bx++, dst += 8, prev += 8) {
             blk = get_value(c, BINK_SRC_BLOCK_TYPES);
             // 16x16 block type on odd line means part of the already decoded block, so skip it
-            if ((by & 1) && blk == SCALED_BLOCK) {
+            if (((by & 1) || (bx & 1)) && blk == SCALED_BLOCK) {
                 bx++;
                 dst  += 8;
                 prev += 8;
-- 
2.17.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 3/3] avcodec/bink: disallow odd positioned scaled blocks

[Paul B Mahol]

Have you checked this with longer samples?
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 3/3] avcodec/bink: disallow odd positioned scaled blocks

[Michael Niedermayer]

[-- Attachment #1.1: Type: text/plain, Size: 403 bytes --]

On Mon, Jun 13, 2022 at 10:02:24AM +0200, Paul B Mahol wrote:
> Have you checked this with longer samples?

ive tested it with the files in the bink directory on samples 
anything else i should test it with ?

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The educated differ from the uneducated as much as the living from the
dead. -- Aristotle 

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 3/3] avcodec/bink: disallow odd positioned scaled blocks

[Paul B Mahol]

On Mon, Jun 13, 2022 at 11:55 PM Michael Niedermayer <michael@niedermayer.cc>
wrote:

> On Mon, Jun 13, 2022 at 10:02:24AM +0200, Paul B Mahol wrote:
> > Have you checked this with longer samples?
>
> ive tested it with the files in the bink directory on samples
> anything else i should test it with ?
>

Something longer, where is big gap between keyframes.


>
> thx
>
> [...]
> --
> Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> The educated differ from the uneducated as much as the living from the
> dead. -- Aristotle
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
>
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 3/3] avcodec/bink: disallow odd positioned scaled blocks

[Michael Niedermayer]

[-- Attachment #1.1: Type: text/plain, Size: 896 bytes --]

On Tue, Jun 14, 2022 at 12:01:14AM +0200, Paul B Mahol wrote:
> On Mon, Jun 13, 2022 at 11:55 PM Michael Niedermayer <michael@niedermayer.cc>
> wrote:
> 
> > On Mon, Jun 13, 2022 at 10:02:24AM +0200, Paul B Mahol wrote:
> > > Have you checked this with longer samples?
> >
> > ive tested it with the files in the bink directory on samples
> > anything else i should test it with ?
> >
> 
> Something longer, where is big gap between keyframes.

I would have thought that some of the 46 files in the samples archieve
would have adequate gaps.
Can you share some better test file ?

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Many that live deserve death. And some that die deserve life. Can you give
it to them? Then do not be too eager to deal out death in judgement. For
even the very wise cannot see all ends. -- Gandalf

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 1/3] tools/target_dec_fuzzer: Adjust threshold for SIMBIOSIS_IMX

[Michael Niedermayer]

[-- Attachment #1.1: Type: text/plain, Size: 908 bytes --]

On Mon, Jun 13, 2022 at 02:10:19AM +0200, Michael Niedermayer wrote:
> Fixes: Timeout
> Fixes: 47892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SIMBIOSIS_IMX_fuzzer-5160609278197760
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  tools/target_dec_fuzzer.c | 1 +
>  1 file changed, 1 insertion(+)

will apply

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Modern terrorism, a quick summary: Need oil, start war with country that
has oil, kill hundread thousand in war. Let country fall into chaos,
be surprised about raise of fundamantalists. Drop more bombs, kill more
people, be surprised about them taking revenge and drop even more bombs
and strip your own citizens of their rights and freedoms. to be continued

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 3/3] avcodec/bink: disallow odd positioned scaled blocks

[Michael Niedermayer]

[-- Attachment #1.1: Type: text/plain, Size: 1009 bytes --]

On Tue, Jun 14, 2022 at 12:09:59AM +0200, Michael Niedermayer wrote:
> On Tue, Jun 14, 2022 at 12:01:14AM +0200, Paul B Mahol wrote:
> > On Mon, Jun 13, 2022 at 11:55 PM Michael Niedermayer <michael@niedermayer.cc>
> > wrote:
> > 
> > > On Mon, Jun 13, 2022 at 10:02:24AM +0200, Paul B Mahol wrote:
> > > > Have you checked this with longer samples?
> > >
> > > ive tested it with the files in the bink directory on samples
> > > anything else i should test it with ?
> > >
> > 
> > Something longer, where is big gap between keyframes.
> 
> I would have thought that some of the 46 files in the samples archieve
> would have adequate gaps.
> Can you share some better test file ?

ping ?
anyone has more files i should test ?
if not, i suggest to apply this

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I have never wished to cater to the crowd; for what I know they do not
approve, and what they approve I do not know. -- Epicurus

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 3/3] avcodec/bink: disallow odd positioned scaled blocks

[Michael Niedermayer]

[-- Attachment #1.1: Type: text/plain, Size: 1412 bytes --]

On Tue, Jul 12, 2022 at 08:20:18PM +0200, Michael Niedermayer wrote:
> On Tue, Jun 14, 2022 at 12:09:59AM +0200, Michael Niedermayer wrote:
> > On Tue, Jun 14, 2022 at 12:01:14AM +0200, Paul B Mahol wrote:
> > > On Mon, Jun 13, 2022 at 11:55 PM Michael Niedermayer <michael@niedermayer.cc>
> > > wrote:
> > > 
> > > > On Mon, Jun 13, 2022 at 10:02:24AM +0200, Paul B Mahol wrote:
> > > > > Have you checked this with longer samples?
> > > >
> > > > ive tested it with the files in the bink directory on samples
> > > > anything else i should test it with ?
> > > >
> > > 
> > > Something longer, where is big gap between keyframes.
> > 
> > I would have thought that some of the 46 files in the samples archieve
> > would have adequate gaps.
> > Can you share some better test file ?
> 
> ping ?
> anyone has more files i should test ?
> if not, i suggest to apply this

google will publish this report in 5 days
just a reminder this is a out of array write and it will be very easily
searchable so anyone looking for unfixed bugs to exploit will try to
exploit this

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Breaking DRM is a little like attempting to break through a door even
though the window is wide open and the only thing in the house is a bunch
of things you dont want and which you would get tomorrow for free anyway

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 3/3] avcodec/bink: disallow odd positioned scaled blocks

[Anton Khirnov]

Quoting Michael Niedermayer (2022-09-02 00:34:36)
> On Tue, Jul 12, 2022 at 08:20:18PM +0200, Michael Niedermayer wrote:
> > On Tue, Jun 14, 2022 at 12:09:59AM +0200, Michael Niedermayer wrote:
> > > On Tue, Jun 14, 2022 at 12:01:14AM +0200, Paul B Mahol wrote:
> > > > On Mon, Jun 13, 2022 at 11:55 PM Michael Niedermayer <michael@niedermayer.cc>
> > > > wrote:
> > > > 
> > > > > On Mon, Jun 13, 2022 at 10:02:24AM +0200, Paul B Mahol wrote:
> > > > > > Have you checked this with longer samples?
> > > > >
> > > > > ive tested it with the files in the bink directory on samples
> > > > > anything else i should test it with ?
> > > > >
> > > > 
> > > > Something longer, where is big gap between keyframes.
> > > 
> > > I would have thought that some of the 46 files in the samples archieve
> > > would have adequate gaps.
> > > Can you share some better test file ?
> > 
> > ping ?
> > anyone has more files i should test ?
> > if not, i suggest to apply this
> 
> google will publish this report in 5 days
> just a reminder this is a out of array write and it will be very easily
> searchable so anyone looking for unfixed bugs to exploit will try to
> exploit this

Then push the patch and see if anyone comes up with any samples.

-- 
Anton Khirnov
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 3/3] avcodec/bink: disallow odd positioned scaled blocks

[Michael Niedermayer]

[-- Attachment #1.1: Type: text/plain, Size: 1582 bytes --]

On Fri, Sep 02, 2022 at 09:11:26AM +0200, Anton Khirnov wrote:
> Quoting Michael Niedermayer (2022-09-02 00:34:36)
> > On Tue, Jul 12, 2022 at 08:20:18PM +0200, Michael Niedermayer wrote:
> > > On Tue, Jun 14, 2022 at 12:09:59AM +0200, Michael Niedermayer wrote:
> > > > On Tue, Jun 14, 2022 at 12:01:14AM +0200, Paul B Mahol wrote:
> > > > > On Mon, Jun 13, 2022 at 11:55 PM Michael Niedermayer <michael@niedermayer.cc>
> > > > > wrote:
> > > > > 
> > > > > > On Mon, Jun 13, 2022 at 10:02:24AM +0200, Paul B Mahol wrote:
> > > > > > > Have you checked this with longer samples?
> > > > > >
> > > > > > ive tested it with the files in the bink directory on samples
> > > > > > anything else i should test it with ?
> > > > > >
> > > > > 
> > > > > Something longer, where is big gap between keyframes.
> > > > 
> > > > I would have thought that some of the 46 files in the samples archieve
> > > > would have adequate gaps.
> > > > Can you share some better test file ?
> > > 
> > > ping ?
> > > anyone has more files i should test ?
> > > if not, i suggest to apply this
> > 
> > google will publish this report in 5 days
> > just a reminder this is a out of array write and it will be very easily
> > searchable so anyone looking for unfixed bugs to exploit will try to
> > exploit this
> 
> Then push the patch and see if anyone comes up with any samples.

will do

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The worst form of inequality is to try to make unequal things equal.
-- Aristotle

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".