From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id AA643436AC
	for <ffmpegdev@gitmailbox.com>; Sun, 21 Aug 2022 10:52:27 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 4BF8768B98D;
	Sun, 21 Aug 2022 13:52:24 +0300 (EEST)
Received: from mail-yw1-f173.google.com (mail-yw1-f173.google.com
 [209.85.128.173])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 06D5468B7AB
 for <ffmpeg-devel@ffmpeg.org>; Sun, 21 Aug 2022 13:52:17 +0300 (EEST)
Received: by mail-yw1-f173.google.com with SMTP id
 00721157ae682-3246910dac3so223930957b3.12
 for <ffmpeg-devel@ffmpeg.org>; Sun, 21 Aug 2022 03:52:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=to:subject:message-id:date:from:in-reply-to:references:mime-version
 :from:to:cc; bh=vLz0Hp6z8BtqHeWOMjsp3fGYTJZwAcs0Lz0VUVb59VI=;
 b=VS/byoAkpSJPNAgkCDGrep7jvFjcUAWK2xbLdsFudX9mBuGKKxBmczYPXUwOPh/94N
 ZMxEi3tt1o8liUlTExTfw2o3ZqX8W/92qO9a+jbG3Wqe3UuhnpBosPzCf15OZbk/Ioui
 3aqvhAzR4P2fOwYkoplslyDQgNQ8QGsDU+ybeWPn2O33GStWZvLLJPC2TeGza75mdBx3
 CXWj3mNsHIUAKkSjjMSWwc8ozO2gN24MxktlZvjv9PUKsvHbKCRux22YX3Jn1oxiNfjs
 qQmaXOV2EHJYZXl37E4IvR9WOJ2zXZsB/2JDmmtRlJtlg7L6IOsrlnRZFqSao8mSKH9H
 099g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=to:subject:message-id:date:from:in-reply-to:references:mime-version
 :x-gm-message-state:from:to:cc;
 bh=vLz0Hp6z8BtqHeWOMjsp3fGYTJZwAcs0Lz0VUVb59VI=;
 b=k29kRdZkriLDqoEVhy2CXDy2l7XHsSoJlQT6mQexHTdqJt179JKbR7CGOosyO7MwoL
 5Pvw5S0y382wtPIOmMck4Coiur5qNdvx4aeCyX/7bDxk+CXVCDpZUgiPWEsVPSqlGv1D
 4jM5106m7t3isz47iRgtAcOZ5RkPtlqtUrXJ8VzGiMraK2kUM5kafV6YzIXkCt5xdNQB
 Yp9la21lnevFKfBl3y5vNxMVeAdOlNjUFQ3sXaqzBkJmVzoWtvPbCIHNknxIy5GS2t0Z
 bJ1jgL/4kkSVt7zr/4JdqiqocdF8bO2vtBZnIBWT8dsBGdjNS9oyrL3RvLBRA2LsQoXy
 hCWQ==
X-Gm-Message-State: ACgBeo3RVDMiIsYO5Ag7q4aCXoVqEmhnv2Bq007yPnTQbKTL+g4CpCUa
 pqZpYqbPCtPfVQ5g2NXEcnwCultXtxpPRvTtKXsg0ioT
X-Google-Smtp-Source: AA6agR4Bgm337jwYPvfwadrGcVS9jRh3j61CtutLHONpZWQw1czfYERwjj9oi3/XrOOz9ogMuNt0HpSlAMB7TYVf+l0=
X-Received: by 2002:a0d:e28c:0:b0:334:2a33:b923 with SMTP id
 l134-20020a0de28c000000b003342a33b923mr15163274ywe.177.1661079136530; Sun, 21
 Aug 2022 03:52:16 -0700 (PDT)
MIME-Version: 1.0
References: <20220818223535.13078-1-michael@niedermayer.cc>
 <20220818223535.13078-4-michael@niedermayer.cc>
In-Reply-To: <20220818223535.13078-4-michael@niedermayer.cc>
From: Paul B Mahol <onemda@gmail.com>
Date: Sun, 21 Aug 2022 12:54:57 +0200
Message-ID: <CAPYw7P7A+m0b4s3rRmkK3G3cCXDeOTgcxEFpNQ_HKeHZAUTYYw@mail.gmail.com>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
Subject: Re: [FFmpeg-devel] [PATCH 4/4] avcodec/speedhq: Check width
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/CAPYw7P7A+m0b4s3rRmkK3G3cCXDeOTgcxEFpNQ_HKeHZAUTYYw@mail.gmail.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

On Fri, Aug 19, 2022 at 12:36 AM Michael Niedermayer <michael@niedermayer.cc>
wrote:

> Fixes: out of array access
> Fixes:
> 50014/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-4748914632294400
>
> Alternatively the buffer size can be increased
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by
> <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>:
> Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/speedhq.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/speedhq.c b/libavcodec/speedhq.c
> index c43de4f199..ffee5f973b 100644
> --- a/libavcodec/speedhq.c
> +++ b/libavcodec/speedhq.c
> @@ -499,7 +499,7 @@ static int speedhq_decode_frame(AVCodecContext *avctx,
> AVFrame *frame,
>      uint32_t second_field_offset;
>      int ret;
>
> -    if (buf_size < 4 || avctx->width < 8)
> +    if (buf_size < 4 || avctx->width < 8 || avctx->width % 8 != 0)
>          return AVERROR_INVALIDDATA;
>

Is this right thing to do?


>
>      quality = buf[0];
> --
> 2.17.1
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
>
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".