Message-ID: <DB6PR0101MB2214A3267513FE5CD48FEAD78F689@DB6PR0101MB2214.eurprd01.prod.exchangelabs.com>
Date: Mon, 15 Aug 2022 21:04:09 +0200
Content-Language: en-US
To: ffmpeg-devel@ffmpeg.org
References: <20220815175927.8743-1-michael@niedermayer.cc>
 <20220815175927.8743-3-michael@niedermayer.cc>
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
In-Reply-To: <20220815175927.8743-3-michael@niedermayer.cc>
Subject: Re: [FFmpeg-devel] [PATCH 3/4] avcodec/h263dec: Sanity check
 against minimal I/P frame size
Archived-At: <https://master.gitmailbox.com/ffmpegdev/DB6PR0101MB2214A3267513FE5CD48FEAD78F689@DB6PR0101MB2214.eurprd01.prod.exchangelabs.com/>

Michael Niedermayer:
> Fixes: Timeout
> Fixes: 49718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4874987894341632
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/h263dec.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c
> index 8db0eccd89..c03a55a4fd 100644
> --- a/libavcodec/h263dec.c
> +++ b/libavcodec/h263dec.c
> @@ -553,6 +553,8 @@ retry:
>      avctx->has_b_frames = !s->low_delay;
>  
>      if (CONFIG_MPEG4_DECODER && avctx->codec_id == AV_CODEC_ID_MPEG4) {
> +        if (s->pict_type != AV_PICTURE_TYPE_B && s->mb_num/2 > get_bits_count(&s->gb))
> +            return AVERROR_INVALIDDATA;
>          if (ff_mpeg4_workaround_bugs(avctx) == 1)
>              goto retry;
>          if (s->studio_profile != (s->idsp.idct == NULL))
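
Review bot: the added condition compares s->mb_num/2 with get_bits_count(&s->gb), which is the number of bits already consumed from the reader at this point, not the amount of data in the packet, so it does not measure the "minimal I/P frame size" named in the subject. If the goal is to reject non-B pictures whose packet is too small to hold the frame, the comparison should use the bits still available (get_bits_left(&s->gb)) or the packet size in bits. The threshold also needs a one-line comment saying why mb_num/2 bits is a safe lower bound for I and P pictures, since a bound that is too high would reject valid streams with AVERROR_INVALIDDATA.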

Is it possible that you wanted to use get_bits_left() here?

- Andreas