From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id A5B94458DD for ; Mon, 27 Mar 2023 09:59:17 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id B158B68C9C9; Mon, 27 Mar 2023 12:59:14 +0300 (EEST) Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-db3eur04olkn2066.outbound.protection.outlook.com [40.92.74.66]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id E6D8D68C495 for ; Mon, 27 Mar 2023 12:59:08 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Z4TTdLU9l8GWTGzxkEB6Qhb5cVXXG37u0qySrrTD6HVW/ocrRS5h2PkCsFLSVa7G2K80eVhThHkFVguLoD5XrQFsYeWGbB5f35CZ1Z1aaySM8DCvGraVlq98hRVOqnxYTsq2hFBXconX6GeKNbVzDM03oYSo5+igPPbvZecfXKp6LEa6P7tIOYXUYIgyb3AMoYkm+f1GMoHOoBoIkOQax3M2QaQCcsvuCpeI/t9qgry7q4pH6U/pIFNxP9IqQQbbGBbfiojNAkTDtKwJfXX+4caBviShUF82+vs2akt/oufRe7dl1W4Gm8jobA7j1Xbljmhk6pFaYqu54N2AP7p6jQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=cpY2An9OZQJ6Ka+g7xZvDGmKVSeh94jRSCT6ZrhUTQY=; b=UQy66+wqlc8JUj5LTqki5i96WRWj2y7MXIhyy3JiaJEXWYJaQ9qY1xxaTHvgZoO8/MEzHWPOBwU2M3Q+1RhjcvcqDbl0GWR/dp8aRvNMcv5eiOf5cTBieELRUxZMp5wLgO8615quPRMq9m9icSLthkMO0m8E+X94bpsyKgfflOO/i7jU2VtOo6gmgtWYL49t+41/CApCyy4xgG4ZancJqHavxFHh/5oQ7plVjdE5IkXAbyugF1jzSpAdLLNLo91u+dAJ8q08ydUEg3iMPeVoA8bWy4CvV/ghiHIYLJwZ7NUgcdiy8OARkXD5aBGAdOrSLt37SzzYmiac12uprQCUYg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cpY2An9OZQJ6Ka+g7xZvDGmKVSeh94jRSCT6ZrhUTQY=; b=oDMON6sKLwtqPjVbR8cp6ciiIn2u5h+gtWnpi5m2j/q3GksZzt7gjUf5Yobz6IhkryobBi2LlgM4579AOVW+GvxoMuh/PUK08mR3Z2TbyFL0fYJXkwWfHJr858paQnlIQu93W4Xu005fIWYkN5bZtmztPyRn4exR9WoOIH2B1O1OSAMwAEUvVLhVGXxPxS8SbnRhMK/+8DyEZJyy0/jkYd21/Qa3Cufvft/WZIg0c4drwfTV7uYBchO98AdC7IpHLzeAGoddU8M1Ki+MOeswhe48uJScakTOV5jd7MSTg0y8GzKzKfwNERAR8BGQ8CuQ7L19Ev0FAph4WHjpp5s/2A== Received: from GV1P250MB0737.EURP250.PROD.OUTLOOK.COM (2603:10a6:150:8e::17) by DU0P250MB0410.EURP250.PROD.OUTLOOK.COM (2603:10a6:10:342::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6178.24; Mon, 27 Mar 2023 09:59:06 +0000 Received: from GV1P250MB0737.EURP250.PROD.OUTLOOK.COM ([fe80::bd9b:b9f7:e94a:109e]) by GV1P250MB0737.EURP250.PROD.OUTLOOK.COM ([fe80::bd9b:b9f7:e94a:109e%7]) with mapi id 15.20.6254.016; Mon, 27 Mar 2023 09:59:06 +0000 Message-ID: Date: Mon, 27 Mar 2023 11:59:44 +0200 To: ffmpeg-devel@ffmpeg.org References: <20230326222642.2489-1-michael@niedermayer.cc> <20230326222642.2489-4-michael@niedermayer.cc> Content-Language: en-US From: Andreas Rheinhardt In-Reply-To: <20230326222642.2489-4-michael@niedermayer.cc> X-TMN: [cjoRw39ARl1ZrdusWDdUP8YKprg/X2cil39Od0BWreg=] X-ClientProxiedBy: ZR0P278CA0152.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:41::10) To GV1P250MB0737.EURP250.PROD.OUTLOOK.COM (2603:10a6:150:8e::17) X-Microsoft-Original-Message-ID: MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: GV1P250MB0737:EE_|DU0P250MB0410:EE_ X-MS-Office365-Filtering-Correlation-Id: 1f1fc435-f07e-4a59-84cd-08db2ea9e6e9 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 2nsBzxf6WLmALKBebt9HU7OnFkjwyT+m5XwQKRuw5CjJI7YFjI0bonUEW0DTWRU+XFHUt1nJdwwpKYqsbF3JjtYNVUD9kJR6lY8cI8yLkEhg9ZmE8HfJCQAPikw30VqaeYGuT2Vh976C/JW78rV9oajd4lSAWs6/7K9rC3UBgLZu2EHdtAn4ntKF4nvLnM5bCXnL6kjV0VwnXLv+z2F9cc8H0nj8BHlNdhBjs1yvNx0hz/21QYkFh2DJI7Y2+XSWG3OmeV0ZpU+Itt86ik6/hzqrzcCEa/BsY2JLx5hjkASyaeE7R1OBzazLA4GdYBZmxV51Ko4dXYUhUoptzjYbmpjUPEt+5xrI6DdIKDcw4tqKVXfJV76ZnfEibqfRhHMvAsQhlpOaI9zE9uy4JXgBaIi3kqGOuz7ppj6abCK3stAuoD4ht1YCdxzJ+ZffQHi7V3bStjXPBjAbMbLtY1Q/LADJ/UTzEvJwMt491LvsmYGCIdQiFQhqmF9dsCrUdrJ+J1C1dxNXr4sbviGBmOZgVYafqfi8F+cfeVxlvxvpjlVfBsXiFG9+KomBAtcswcT3XJKxrv6Ss5JnkfTILsDSijiJjG5rjRw5+HbUV1jYI2Q= X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?Y2FrQVRjZUMrUW1ITXRNMmJiS2ErWjVzY3lSbWp0cE0yTzhXOUNpQUhMT2ds?= =?utf-8?B?TDhXOTFCOVJvcll6c3hxM0lueUN3QU9DTWQ2ZVR4OTlxV3BNUGRkK3hGZzBv?= =?utf-8?B?VnhGTG1wSGlHdTNNOGZvYjJsNm9OY1I2WGZnRXpuK3FXOWphRE9HN2NCdU1v?= =?utf-8?B?TTRGMUNGakhlRmxtMzdQd2FJb0tZOVUzckJxS0hYN2ptUUJCYzJ4R1AxYUFX?= =?utf-8?B?dlBTbVRrVGNORU4xWWUxUnN1OXk5TW9XaVpPbTVyYk0wUytpTUFQQ3RTSERK?= =?utf-8?B?SHRZUG91MDNmOFRLNmgzYVhlQUUyRFpnR0NmTVR0Nmk1b3paaXZVdXR6aVdV?= =?utf-8?B?dFFDemRsS3YrYURSWExRNFVodGtuZHVzZjREalcvY1ZDdEJGUk1Td2JibTJO?= =?utf-8?B?MHAxbDZRbVdSbW9RbnNXMHZ0a0NrNnhyRGFBK3AxREphTmxldHFGNkVwNzNX?= =?utf-8?B?WWxyQUxHTHY5RitBS0dGVW1MSS9IRmYzU1BzQklMSzBYRDRpRng4RHVuK0RZ?= =?utf-8?B?bU9vaDNJdTNpNVFHNDJub2Y1Q1ZRc0RXaS9mVTRWS253QUtRUElaNWtiS1RE?= =?utf-8?B?b2tvM0k1blNrSGh2MGdkdmtPcU5NQTFJT3BnSVFLdVR4akJnUDU0WXZvTTQ5?= =?utf-8?B?aFhpSFhsakpjTlpUQkpGczYvSGtGaExSMEszUE1KaXVCRDB2UmRaUTc3d0dX?= =?utf-8?B?RjlaV245R1lBanBjdkc3S2lvNVJMN3RLM2dlYStsSmN1REVKcUZHOUl0UWNJ?= =?utf-8?B?SHlCbWNxNDZGeHY4d2ZiU0lRU0VhalluRHJUL25BZjQ3WlBrd1p6VllSTG5K?= =?utf-8?B?UU80OW05QjVkS2JjbXV2cjhMSUdZQnRJck9mUXVWNEM5cDV0OTVwM09ZWUtz?= =?utf-8?B?a1daMWtNRytBVlkzSDQwWGg0QzIyRnJsNnRpb01LQlM2QTQxSWx2a0V5Q3ZX?= =?utf-8?B?Ty9KanFzNWZLT1V2c0lrNGxBZXZ5VGRNL3pHeWp3em9hV1EwVmsxU3Z1MVI1?= =?utf-8?B?WUdWTFhVYW96ckRWL2dRTTFHZjZmVjgyQTI3a0hVdTRNUjFWeFhRbDgybGRv?= =?utf-8?B?WW4zMEN2YU1QeE1qZDRUa3BKSlhsVUR3OU5DYmpORmVibXM1MmdWZ2FyZWJG?= =?utf-8?B?ZG9hZk9hRGZPdVVucGF4eS9WdC9nZVVvM25TUEM3MzQxNW4venRlYm1lN2Zh?= =?utf-8?B?QzJUeHVHblRiL3ZkS1F0VmpTamVVdEUzMUVSSWdSOTE0anNVZW5NYXlJTEUv?= =?utf-8?B?bWJhRjdLbHFCSnliVXJyNm5yVnpBc01NZm5BUWFSUmtsTkpwSUlRckl0UG9P?= =?utf-8?B?N1hJUTF4VmNCeVM1eVR2SHE5YXhTZ3dTSFJ0NmRycEtaQzZWRE16VURUZnZp?= =?utf-8?B?NmVpTGYrUmk4VkFyQkxaWk9nZTg5RUt3TlEyNVV0ckcwSUVyaUpWVVc5d3h4?= =?utf-8?B?aE9KQkxXc3FJWW5YQjl5WGRER0o4SzFMYks1QUUzK0JyWUVmV3ovUnN6VVAx?= =?utf-8?B?QUpYalNkVWJNa245RTVsZ3NVVFlrVUg2di85Z1d6R0NROFR3WWttNnI1Ymdj?= =?utf-8?B?S1dEUTgvQWN4Rklxa2hNR2syZVV5S2dPaG5CaW1KeHZuRXY3Ny9qSnd5c0Vi?= =?utf-8?B?aVRWV3JVb21XZkcrOFpBNHRUTTdsVXNoY0haMUM5cUJ6TjIvT043eDY3RGJ0?= =?utf-8?Q?MiqGnersmE7QBA7Jxcq6?= X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1f1fc435-f07e-4a59-84cd-08db2ea9e6e9 X-MS-Exchange-CrossTenant-AuthSource: GV1P250MB0737.EURP250.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Mar 2023 09:59:06.5892 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0P250MB0410 Subject: Re: [FFmpeg-devel] [PATCH 4/4] avcodec/vp3: Check width to avoid assertion failure X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: Michael Niedermayer: > Fixes: Assertion failure on x86-32 > Fixes: 39641/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-5925660741206016 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer > --- > libavcodec/vp3.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c > index 9660def675f..22348559461 100644 > --- a/libavcodec/vp3.c > +++ b/libavcodec/vp3.c > @@ -2353,6 +2353,8 @@ static av_cold int vp3_decode_init(AVCodecContext *avctx) > s->avctx = avctx; > s->width = FFALIGN(avctx->coded_width, 16); > s->height = FFALIGN(avctx->coded_height, 16); > + if (s->width < 18) > + return AVERROR_PATCHWELCOME; > if (avctx->codec_id != AV_CODEC_ID_THEORA) > avctx->pix_fmt = AV_PIX_FMT_YUV420P; > avctx->chroma_sample_location = AVCHROMA_LOC_CENTER; > @@ -2919,7 +2921,9 @@ static int theora_decode_header(AVCodecContext *avctx, GetBitContext *gb) > /* sanity check */ > if (av_image_check_size(visible_width, visible_height, 0, avctx) < 0 || > visible_width + offset_x > s->width || > - visible_height + offset_y > s->height) { > + visible_height + offset_y > s->height || > + visible_width < 18 > + ) { > av_log(avctx, AV_LOG_ERROR, > "Invalid frame dimensions - w:%d h:%d x:%d y:%d (%dx%d).\n", > visible_width, visible_height, offset_x, offset_y, > @@ -2965,6 +2969,8 @@ static int theora_decode_header(AVCodecContext *avctx, GetBitContext *gb) > } else > avctx->pix_fmt = AV_PIX_FMT_YUV420P; > > + if (s->width < 18) > + return AVERROR_PATCHWELCOME; > ret = ff_set_dimensions(avctx, s->width, s->height); > if (ret < 0) > return ret; Always mention in the commit message which assertion fails when fixing an assertion. - Andreas _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".