Re: [FFmpeg-devel] [PATCH 1/3] avcodec/cfhd: Check transform_type consistently

Sun, 04 Apr 2021 14:03:36 -0700 

On 4/4/2021 4:46 AM, Paul B Mahol wrote:

As always, make sure that you do not break or add new regressions for
decoding existing valid files.



Coverage of cfhd by FATE is really low. Pretty much half of the decoder 
is untested right now: 
http://coverage.ffmpeg.org/index.src_libavcodec_cfhd.c.html



Are there any samples with no copyright/license issues we could cut and 
add that make use of these untested code paths?




On Sat, Apr 3, 2021 at 4:54 PM Michael Niedermayer <mich...@niedermayer.cc>
wrote:


On Sat, Apr 03, 2021 at 04:39:06PM +0200, Michael Niedermayer wrote:

Fixes: out of array accesses
Fixes:

29754/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-6333598414274560

Fixes:

30519/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-6298424511168512

Fixes:

30739/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-5011292836462592


Found-by: continuous fuzzing process

https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
  libavcodec/cfhd.c | 11 +++++++++--
  libavcodec/cfhd.h |  1 +
  2 files changed, 10 insertions(+), 2 deletions(-)


I intend to apply this patchset soon. Also this patchset almost certainly
does not fix every issue in CFHD, so if someone is searching for code to
do a security review on. CFHD is likely an interresting candidate

thx

[...]
--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

it is not once nor twice but times without number that the same ideas make
their appearance in the world. -- Aristotle
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".



_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".





















					Reply via email to