PR #23309 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23309
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23309.patch

a valid RLE bitmap can decompress to far more than its input size, an early end-of-picture code leaves the rest of the canvas blank, thus we cannot add a check in bmp decode

Fixes: Timeout
Fixes: 510821718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BMP_DEC_fuzzer-5011979420106752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <[email protected]>

>From eecd770dc2b74d3704523843dce6fb89f17d6eac Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <[email protected]>
Date: Mon, 1 Jun 2026 00:29:00 +0200
Subject: [PATCH] tools/target_dec_fuzzer: reduce BMP max pixels to avoid RLE timeout

a valid RLE bitmap can decompress to far more than its input size, an early end-of-picture code leaves the rest of the canvas blank, thus we cannot add a check in bmp decode

Fixes: Timeout
Fixes: 510821718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BMP_DEC_fuzzer-5011979420106752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <[email protected]>
---
 tools/target_dec_fuzzer.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index dff354545a..723f7996d7 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -220,6 +220,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { case AV_CODEC_ID_BETHSOFTVID: maxpixels /= 8192; break; case AV_CODEC_ID_BFI: maxpixels /= 8192; break; case AV_CODEC_ID_BINKVIDEO: maxpixels /= 32; break; + case AV_CODEC_ID_BMP: maxpixels /= 16; break; case AV_CODEC_ID_BONK: maxsamples /= 1<<20; break; case AV_CODEC_ID_CAVS: maxpixels /= 1024; break; case AV_CODEC_ID_CDTOONS: maxpixels /= 1024; break; -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
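
Review bot: The divisor 16 on the added `case AV_CODEC_ID_BMP: maxpixels /= 16; break;` line has no stated basis. The commit message explains why the limit has to live in the fuzzer rather than in the BMP decoder (a valid RLE bitmap expands far beyond its input, and an early end-of-picture code legitimately leaves the canvas blank), but not why 16 rather than a neighbouring value such as the 32 used for AV_CODEC_ID_BINKVIDEO. Please add a sentence to the commit message saying how the value was picked, for example that the referenced clusterfuzz testcase finishes within the time limit at this setting. The cap also applies to every BMP input the fuzzer feeds, not only RLE-compressed ones, so the commit message should acknowledge that the large-canvas paths for uncompressed bitmaps get less coverage as a result.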
