From: Andreas Rheinhardt
Date: Tue, 25 Jun 2024 21:51:32 +0200
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] [PATCH 3/5] avcodec/decode: Check progress before dereferencing

Michael Niedermayer:
> On Sat, Apr 27, 2024 at 01:13:54PM +0200, Andreas Rheinhardt wrote:
>> Michael Niedermayer:
>>> Fixes: NULL pointer dereference
>>> Fixes: 68192/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP8_fuzzer-6180311026171904
>>>
>>> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>>> Signed-off-by: Michael Niedermayer
>>> --- >>> libavcodec/decode.c | 2 ++ >>> 1 file changed, 2 insertions(+) >>> >>> diff --git a/libavcodec/decode.c b/libavcodec/decode.c >>> index d031b1ca176..a6131941f43 100644 >>> --- a/libavcodec/decode.c >>> +++ b/libavcodec/decode.c
>>> @@ -1744,6 +1744,8 @@ void ff_progress_frame_report(ProgressFrame *f, int n) >>> >>> void ff_progress_frame_await(const ProgressFrame *f, int n) >>> { >>> + if (!f->progress) >>> + return; >>> ff_thread_progress_await(&f->progress->progress, n); >>> } >>>
>>
>> Can I get the sample? I see two places in VP8 where the VP8Frame
>> pointers are set before the actual frame inside it is properly allocated.
>>
>> (Actually, it was intended for this API to not support waiting on
>> non-existent frames (i.e. let the caller check for this; in most
>> instances, it is already guaranteed that the frame one waits on exists,
>> so this is unnecessary for them).)
>
> did you receive the sample i sent you in april ?
>
> any update on this ?
> it's still crashing without this patch
>
> Running: 68192/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP8_fuzzer-6180311026171904
> libavcodec/decode.c:1766:44: runtime error: member access within null pointer of type 'struct ProgressInternal'
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavcodec/decode.c:1766:44 in
> libavcodec/threadprogress.c:72:36: runtime error: member access within null pointer of type 'ThreadProgress' (aka 'struct ThreadProgress')
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavcodec/threadprogress.c:72:36 in
>

Totally forgot about this. Will look into it. Thanks for the reminder.

- Andreas
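
Review bot: the new "if (!f->progress) return;" at the top of ff_progress_frame_await() in libavcodec/decode.c turns a wait on a frame that was never set up into a silent no-op, so the caller carries on as if the awaited progress had been reached. The review reply says this API was meant to leave that check to the caller and points at VP8 setting VP8Frame pointers before the frame inside is allocated, so the check looks better placed at the VP8 call site, where the missing frame can be handled explicitly. If the guard stays here, add a comment stating what a NULL f->progress means and why returning without waiting is safe for every caller.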