Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
* [FFmpeg-devel] [PATCH 1/3] tools/target_dec_fuzzer: Adjust threshold for rka
@ 2023-04-27 18:38 Michael Niedermayer
  2023-04-27 18:38 ` [FFmpeg-devel] [PATCH 2/3] avcodec/hevcdec: do not memcpy into itself Michael Niedermayer
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Michael Niedermayer @ 2023-04-27 18:38 UTC
  To: FFmpeg development discussions and patches

Fixes: Timeout
Fixes: 57993/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RKA_fuzzer-5825782785376256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 tools/target_dec_fuzzer.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 87a9f6eb17..d8e93f3a21 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -271,6 +271,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     case AV_CODEC_ID_QTRLE:       maxpixels  /= 16;    break;
     case AV_CODEC_ID_PAF_VIDEO:   maxpixels  /= 16;    break;
     case AV_CODEC_ID_PRORES:      maxpixels  /= 256;   break;
+    case AV_CODEC_ID_RKA:         maxsamples /= 256;   break;
     case AV_CODEC_ID_RSCC:        maxpixels  /= 256;   break;
     case AV_CODEC_ID_RASC:        maxpixels  /= 16;    break;
     case AV_CODEC_ID_SANM:        maxpixels  /= 16;    break;
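Review bot: the commit message says only "Fixes: Timeout" and gives no rationale for the 256 divisor on maxsamples; a one-line note on why RKA is this much more expensive per sample than the default budget (or the measured decode time on the listed testcase) would let the threshold be revisited later instead of being cargo-culted the way the neighbouring `/= 16` and `/= 256` video cases are. The placement between PRORES and RSCC keeps the switch in alphabetical order, and using maxsamples rather than maxpixels is correct for an audio codec, so nothing to change in the hunk itself.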
-- 
2.17.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

* [FFmpeg-devel] [PATCH 2/3] avcodec/hevcdec: do not memcpy into itself
  2023-04-27 18:38 [FFmpeg-devel] [PATCH 1/3] tools/target_dec_fuzzer: Adjust threshold for rka Michael Niedermayer
@ 2023-04-27 18:38 ` Michael Niedermayer
  2023-09-07 22:07   ` Michael Niedermayer
  2023-04-27 18:38 ` [FFmpeg-devel] [PATCH 3/3] avcodec/hevc_ps: Avoid signed overflow before check on QP Michael Niedermayer
  2023-04-30 22:33 ` [FFmpeg-devel] [PATCH 1/3] tools/target_dec_fuzzer: Adjust threshold for rka Michael Niedermayer
  2 siblings, 1 reply; 7+ messages in thread
From: Michael Niedermayer @ 2023-04-27 18:38 UTC
  To: FFmpeg development discussions and patches

I am not sure if this buffer setup is intended, but if it occurs memcpy() cannot always
be used

Fixes: memcpy-param-overlap
Fixes: 58062/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4717458841010176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/hevcdec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/hevcdec.c b/libavcodec/hevcdec.c
index 0fa4fdd59d..1e590ec5d0 100644
--- a/libavcodec/hevcdec.c
+++ b/libavcodec/hevcdec.c
@@ -1542,6 +1542,7 @@ static void luma_mc_uni(HEVCLocalContext *lc, uint8_t *dst, ptrdiff_t dststride,
     src   += y_off * srcstride + (x_off * (1 << s->ps.sps->pixel_shift));
 
     if (x_off < QPEL_EXTRA_BEFORE || y_off < QPEL_EXTRA_AFTER ||
+        s->frame->data[0] == ref->data[0] ||
         x_off >= pic_width - block_w - QPEL_EXTRA_AFTER ||
         y_off >= pic_height - block_h - QPEL_EXTRA_AFTER) {
         const ptrdiff_t edge_emu_stride = EDGE_EMU_BUFFER_STRIDE << s->ps.sps->pixel_shift;
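Review bot: the added `s->frame->data[0] == ref->data[0] ||` condition only reroutes the exact-aliasing case (reference plane pointer identical to the frame being written) into the edge_emu path, so the sanitizer-reported memcpy overlap disappears while the underlying state the commit message itself calls possibly unintended (a reference list entry that is the current frame) is still accepted and decoded. Prefer rejecting that configuration where the reference list is built, so luma_mc_uni never sees a self-referencing `ref`; if the local guard is kept as a stopgap, add a comment on this line saying that it exists because src and dst may overlap, since the surrounding conditions are all about picture-boundary clipping and a reader will not guess why a pointer comparison sits among them.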
-- 
2.17.1

* [FFmpeg-devel] [PATCH 3/3] avcodec/hevc_ps: Avoid signed overflow before check on QP
  2023-04-27 18:38 [FFmpeg-devel] [PATCH 1/3] tools/target_dec_fuzzer: Adjust threshold for rka Michael Niedermayer
  2023-04-27 18:38 ` [FFmpeg-devel] [PATCH 2/3] avcodec/hevcdec: do not memcpy into itself Michael Niedermayer
@ 2023-04-27 18:38 ` Michael Niedermayer
  2023-04-27 18:49   ` James Almer
  2023-04-30 22:33 ` [FFmpeg-devel] [PATCH 1/3] tools/target_dec_fuzzer: Adjust threshold for rka Michael Niedermayer
  2 siblings, 1 reply; 7+ messages in thread
From: Michael Niedermayer @ 2023-04-27 18:38 UTC
  To: FFmpeg development discussions and patches

Fixes: signed integer overflow: -2147483648 - 5 cannot be represented in type 'int'
Fixes: 58066/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5312995835379712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/hevc_ps.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
index 1533e2a817..6b8f432609 100644
--- a/libavcodec/hevc_ps.c
+++ b/libavcodec/hevc_ps.c
@@ -1522,9 +1522,9 @@ static int pps_scc_extension(GetBitContext *gb, AVCodecContext *avctx,
     pps->pps_curr_pic_ref_enabled_flag = get_bits1(gb);
     if (pps->residual_adaptive_colour_transform_enabled_flag = get_bits1(gb)) {
         pps->pps_slice_act_qp_offsets_present_flag = get_bits1(gb);
-        pps->pps_act_y_qp_offset  = get_se_golomb_long(gb) - 5;
-        pps->pps_act_cb_qp_offset = get_se_golomb_long(gb) - 5;
-        pps->pps_act_cr_qp_offset = get_se_golomb_long(gb) - 3;
+        pps->pps_act_y_qp_offset  = get_se_golomb_long(gb) - 5U;
+        pps->pps_act_cb_qp_offset = get_se_golomb_long(gb) - 5U;
+        pps->pps_act_cr_qp_offset = get_se_golomb_long(gb) - 3U;
 
 #define CHECK_QP_OFFSET(name) (pps->pps_act_ ## name ## _qp_offset <= -12 || \
                                pps->pps_act_ ## name ## _qp_offset >= 12)
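Review bot: the `- 5U` / `- 3U` change silences the signed-overflow report but does so by performing the subtraction in unsigned arithmetic and then converting the (possibly wrapped) result back to the int field on assignment, so correctness of the following CHECK_QP_OFFSET test now depends on that out-of-range unsigned-to-int conversion, which is implementation-defined in C and not obvious to a reader. Since the macro only accepts values strictly between -12 and 12, it is clearer to read the syntax element with get_se_golomb() (the small-value reader James suggests in the thread) and range-check the raw value before applying the -5 / -3 offset, so no wrap-around is ever involved. Unrelated to this hunk's change but visible in its context: the assignment inside `if (pps->residual_adaptive_colour_transform_enabled_flag = get_bits1(gb))` reads like a typo for `==` and would be easier on reviewers as a separate statement.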
-- 
2.17.1

* Re: [FFmpeg-devel] [PATCH 3/3] avcodec/hevc_ps: Avoid signed overflow before check on QP
  2023-04-27 18:38 ` [FFmpeg-devel] [PATCH 3/3] avcodec/hevc_ps: Avoid signed overflow before check on QP Michael Niedermayer
@ 2023-04-27 18:49   ` James Almer
  2023-04-30 19:58     ` Michael Niedermayer
  0 siblings, 1 reply; 7+ messages in thread
From: James Almer @ 2023-04-27 18:49 UTC
  To: ffmpeg-devel

On 4/27/2023 3:38 PM, Michael Niedermayer wrote:
> Fixes: signed integer overflow: -2147483648 - 5 cannot be represented in type 'int'
> Fixes: 58066/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5312995835379712
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>   libavcodec/hevc_ps.c | 6 +++---
>   1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
> index 1533e2a817..6b8f432609 100644
> --- a/libavcodec/hevc_ps.c
> +++ b/libavcodec/hevc_ps.c
> @@ -1522,9 +1522,9 @@ static int pps_scc_extension(GetBitContext *gb, AVCodecContext *avctx,
>       pps->pps_curr_pic_ref_enabled_flag = get_bits1(gb);
>       if (pps->residual_adaptive_colour_transform_enabled_flag = get_bits1(gb)) {
>           pps->pps_slice_act_qp_offsets_present_flag = get_bits1(gb);
> -        pps->pps_act_y_qp_offset  = get_se_golomb_long(gb) - 5;
> -        pps->pps_act_cb_qp_offset = get_se_golomb_long(gb) - 5;
> -        pps->pps_act_cr_qp_offset = get_se_golomb_long(gb) - 3;
> +        pps->pps_act_y_qp_offset  = get_se_golomb_long(gb) - 5U;
> +        pps->pps_act_cb_qp_offset = get_se_golomb_long(gb) - 5U;
> +        pps->pps_act_cr_qp_offset = get_se_golomb_long(gb) - 3U;

Spec compliant values for all of these are in the -7..17 and -9..15 
range, so just use get_se_golomb() instead, which I assume is for small 
values, much like get_ue_golomb().

>   
>   #define CHECK_QP_OFFSET(name) (pps->pps_act_ ## name ## _qp_offset <= -12 || \
>                                  pps->pps_act_ ## name ## _qp_offset >= 12)

* Re: [FFmpeg-devel] [PATCH 3/3] avcodec/hevc_ps: Avoid signed overflow before check on QP
  2023-04-27 18:49   ` James Almer
@ 2023-04-30 19:58     ` Michael Niedermayer
  0 siblings, 0 replies; 7+ messages in thread
From: Michael Niedermayer @ 2023-04-30 19:58 UTC
  To: FFmpeg development discussions and patches


On Thu, Apr 27, 2023 at 03:49:54PM -0300, James Almer wrote:
> On 4/27/2023 3:38 PM, Michael Niedermayer wrote:
> > Fixes: signed integer overflow: -2147483648 - 5 cannot be represented in type 'int'
> > Fixes: 58066/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5312995835379712
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >   libavcodec/hevc_ps.c | 6 +++---
> >   1 file changed, 3 insertions(+), 3 deletions(-)
> > 
> > diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
> > index 1533e2a817..6b8f432609 100644
> > --- a/libavcodec/hevc_ps.c
> > +++ b/libavcodec/hevc_ps.c
> > @@ -1522,9 +1522,9 @@ static int pps_scc_extension(GetBitContext *gb, AVCodecContext *avctx,
> >       pps->pps_curr_pic_ref_enabled_flag = get_bits1(gb);
> >       if (pps->residual_adaptive_colour_transform_enabled_flag = get_bits1(gb)) {
> >           pps->pps_slice_act_qp_offsets_present_flag = get_bits1(gb);
> > -        pps->pps_act_y_qp_offset  = get_se_golomb_long(gb) - 5;
> > -        pps->pps_act_cb_qp_offset = get_se_golomb_long(gb) - 5;
> > -        pps->pps_act_cr_qp_offset = get_se_golomb_long(gb) - 3;
> > +        pps->pps_act_y_qp_offset  = get_se_golomb_long(gb) - 5U;
> > +        pps->pps_act_cb_qp_offset = get_se_golomb_long(gb) - 5U;
> > +        pps->pps_act_cr_qp_offset = get_se_golomb_long(gb) - 3U;
> 
> Spec compliant values for all of these are in the -7..17 and -9..15 range,
> so just use get_se_golomb() instead, which I assume is for small values,
> much like get_ue_golomb().

will apply with that change

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

It's not that you shouldn't use gotos but rather that you should write
readable code and code with gotos often but not always is less readable


* Re: [FFmpeg-devel] [PATCH 1/3] tools/target_dec_fuzzer: Adjust threshold for rka
  2023-04-27 18:38 [FFmpeg-devel] [PATCH 1/3] tools/target_dec_fuzzer: Adjust threshold for rka Michael Niedermayer
  2023-04-27 18:38 ` [FFmpeg-devel] [PATCH 2/3] avcodec/hevcdec: do not memcpy into itself Michael Niedermayer
  2023-04-27 18:38 ` [FFmpeg-devel] [PATCH 3/3] avcodec/hevc_ps: Avoid signed overflow before check on QP Michael Niedermayer
@ 2023-04-30 22:33 ` Michael Niedermayer
  2 siblings, 0 replies; 7+ messages in thread
From: Michael Niedermayer @ 2023-04-30 22:33 UTC
  To: FFmpeg development discussions and patches


On Thu, Apr 27, 2023 at 08:38:38PM +0200, Michael Niedermayer wrote:
> Fixes: Timeout
> Fixes: 57993/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RKA_fuzzer-5825782785376256
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  tools/target_dec_fuzzer.c | 1 +
>  1 file changed, 1 insertion(+)

will apply

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Nations do behave wisely once they have exhausted all other alternatives. 
-- Abba Eban


* Re: [FFmpeg-devel] [PATCH 2/3] avcodec/hevcdec: do not memcpy into itself
  2023-04-27 18:38 ` [FFmpeg-devel] [PATCH 2/3] avcodec/hevcdec: do not memcpy into itself Michael Niedermayer
@ 2023-09-07 22:07   ` Michael Niedermayer
  0 siblings, 0 replies; 7+ messages in thread
From: Michael Niedermayer @ 2023-09-07 22:07 UTC
  To: FFmpeg development discussions and patches


On Thu, Apr 27, 2023 at 08:38:39PM +0200, Michael Niedermayer wrote:
> I am not sure if this buffer setup is intended, but if it occurs memcpy() cannot always
> be used
> 
> Fixes: memcpy-param-overlap
> Fixes: 58062/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4717458841010176
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/hevcdec.c | 1 +
>  1 file changed, 1 insertion(+)

patch withdrawn, as this is not a complete fix of the issue

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Complexity theory is the science of finding the exact solution to an
approximation. Benchmarking OTOH is finding an approximation of the exact

