> On Aug 14, 2021, at 11:07 PM, Michael Niedermayer <mich...@niedermayer.cc>
> wrote:
>
> Fixes: Assertion failure
> Fixes:
> 36359/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-6733238591684608
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> ---
> libavcodec/snowdec.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/libavcodec/snowdec.c b/libavcodec/snowdec.c
> index 1355ae6ed1..7ef28c4899 100644
> --- a/libavcodec/snowdec.c
> +++ b/libavcodec/snowdec.c
> @@ -499,7 +499,7 @@ static int decode_frame(AVCodecContext *avctx, void
> *data, int *got_frame,
> s->avmv_index = 0;
>
> if ((res = decode_blocks(s)) < 0)
> - return res;
> + goto fail;
>
> for(plane_index=0; plane_index < s->nb_planes; plane_index++){
> Plane *p= &s->plane[plane_index];
> @@ -618,11 +618,11 @@ static int decode_frame(AVCodecContext *avctx, void
> *data, int *got_frame,
> AVFrameSideData *sd;
>
> sd = av_frame_new_side_data(picture, AV_FRAME_DATA_MOTION_VECTORS,
> s->avmv_index * sizeof(AVMotionVector));
> - if (!sd)
> - return AVERROR(ENOMEM);
> - memcpy(sd->data, s->avmv, s->avmv_index * sizeof(AVMotionVector));
> + if (sd)
> + memcpy(sd->data, s->avmv, s->avmv_index *
> sizeof(AVMotionVector));
res is not assigned to AVERROR(ENOMEM), so the error is just being ignored. Is
it intentional?
> }
>
> +fail:
> av_freep(&s->avmv);
>
> if (res < 0)
> --
> 2.17.1
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
>
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
