On 2/22/17, Michael Niedermayer <mich...@niedermayer.cc> wrote: > Fixes: 647/clusterfuzz-testcase-5195745823031296 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > --- > libavcodec/h264_ps.c | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c > index 8090178395..f4a4a01fbe 100644 > --- a/libavcodec/h264_ps.c > +++ b/libavcodec/h264_ps.c > @@ -828,6 +828,12 @@ int ff_h264_decode_picture_parameter_set(GetBitContext > *gb, AVCodecContext *avct > pps->init_qp = get_se_golomb(gb) + 26 + > qp_bd_offset; > pps->init_qs = get_se_golomb(gb) + 26 + > qp_bd_offset; > pps->chroma_qp_index_offset[0] = get_se_golomb(gb); > + if (pps->chroma_qp_index_offset[0] < -12 || > pps->chroma_qp_index_offset[0] > 12) { > + av_log(avctx, AV_LOG_ERROR, "chroma_qp_index_offset[0] %d is
This is nonsense. Please remove. > invalid\n", pps->chroma_qp_index_offset[0]); > + ret = AVERROR_INVALIDDATA; > + goto fail; > + } > + > pps->deblocking_filter_parameters_present = get_bits1(gb); > pps->constrained_intra_pred = get_bits1(gb); > pps->redundant_pic_cnt_present = get_bits1(gb); > @@ -845,6 +851,11 @@ int ff_h264_decode_picture_parameter_set(GetBitContext > *gb, AVCodecContext *avct > pps->scaling_matrix4, > pps->scaling_matrix8); > // second_chroma_qp_index_offset > pps->chroma_qp_index_offset[1] = get_se_golomb(gb); > + if (pps->chroma_qp_index_offset[1] < -12 || > pps->chroma_qp_index_offset[1] > 12) { > + av_log(avctx, AV_LOG_ERROR, "chroma_qp_index_offset[1] %d is > invalid\n", pps->chroma_qp_index_offset[1]); ditto. > + ret = AVERROR_INVALIDDATA; > + goto fail; > + } > } else { > pps->chroma_qp_index_offset[1] = pps->chroma_qp_index_offset[0]; > } > -- > 2.11.0 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel > Having log message for every error case would make ffmpeg binary very big and slow. _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel