On Tue, Apr 17, 2018 at 10:32:16AM +0200, Tomas Härdin wrote:
> tis 2018-04-17 klockan 02:13 +0200 skrev Michael Niedermayer:
> > Speeds up decoding from 8 to 3 seconds for 
> > 6302/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CINEPAK_fuzzer-5626371985375232
> > Fixes: Timeout
> > 
> > Found-by: continuous fuzzing process 
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> > ---
> >  libavcodec/cinepak.c | 27 ++++++++++++++++++++++-----
> >  1 file changed, 22 insertions(+), 5 deletions(-)
> > 
> > diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c
> > index 89e940ae0d..ba0589582f 100644
> > --- a/libavcodec/cinepak.c
> > +++ b/libavcodec/cinepak.c
> > @@ -315,14 +315,11 @@ static int cinepak_decode_strip (CinepakContext *s,
> >      return AVERROR_INVALIDDATA;
> >  }
> >  
> > -static int cinepak_decode (CinepakContext *s)
> > +static int cinepak_predecode_check (CinepakContext *s)
> >  {
> > -    const uint8_t  *eod = (s->data + s->size);
> > -    int           i, result, strip_size, frame_flags, num_strips;
> > -    int           y0 = 0;
> > +    int           num_strips;
> >      int           encoded_buf_size;
> >  
> > -    frame_flags = s->data[0];
> >      num_strips  = AV_RB16 (&s->data[8]);
> >      encoded_buf_size = AV_RB24(&s->data[1]);
> >  
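Review bot: the body kept in this hunk still reads AV_RB16(&s->data[8]) and AV_RB24(&s->data[1]) with no bound on s->size visible in the hunk; now that the function is the dedicated pre-decode check it should own that guard (the 10-byte frame header the second hunk also assumes) rather than rely on a check sitting in the elided context, and a one-line comment saying what cinepak_predecode_check validates (frame header fields, Sega FILM detection, room for the strip headers) would document the new split from cinepak_decode.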
> > @@ -353,6 +350,21 @@ static int cinepak_decode (CinepakContext *s)
> >              s->sega_film_skip_bytes = 0;
> >      }
> >  
> > +    if (s->size < 10 + s->sega_film_skip_bytes + num_strips * 12)
> > +        return AVERROR_INVALIDDATA;
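Review bot: this bound is stricter than the per-strip `(s->data + 12) > eod` test it stands in for: num_strips is the raw 16-bit field read in the previous hunk, so a frame whose buffer cannot hold 12 bytes for every declared strip is now rejected before any strip is touched, whereas the loop only failed at the strip that actually overran. That is the behaviour change Tomas points out, so the commit message should state it, or the check should go in its own patch. The arithmetic itself is fine: num_strips is at most 65535, so num_strips * 12 cannot overflow int, and s->sega_film_skip_bytes is assigned in the context lines directly above.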
> 
> Looks like an extra check, not just moving existing checks as the
> commit message implies

It's from this:
    for (i=0; i < num_strips; i++) {
        if ((s->data + 12) > eod)
            return AVERROR_INVALIDDATA;
    ...

But I can split this in a separate patch if you prefer?


[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Take away the freedom of one citizen and you will be jailed, take away
the freedom of all citizens and you will be congratulated by your peers
in Parliament.
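Added example, not FFmpeg's code and not part of the patch above: a small C model of the two styles of bound the thread compares, an up-front check that every declared strip header fits in the buffer (as the hoisted `s->size < 10 + skip + num_strips * 12` test does) beside a per-strip walk that only fails at the strip that overruns (as the quoted loop does). The byte layout follows what the patch reads (flags at data[0], 24-bit encoded size at data[1..3], 16-bit strip count at data[8..9], 12-byte strip headers); the position of the strip-size field inside a strip header, the helper names and the constructed sample frames are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FRAME_HDR_LEN   10      /* bytes read before the first strip */
#define STRIP_HDR_LEN   12      /* per-strip header the loop requires */
#define ERR_INVALIDDATA (-1)    /* stands in for AVERROR_INVALIDDATA */

static uint32_t rb16(const uint8_t *p) { return ((uint32_t)p[0] << 8) | p[1]; }
static uint32_t rb24(const uint8_t *p) { return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2]; }

/* Up-front check in the spirit of the hoisted bound: frame header present,
 * then room for a 12-byte header per declared strip after any skip bytes.
 * Returns the strip count, or ERR_INVALIDDATA before any strip is touched.
 * num_strips is a 16-bit field, so the product cannot overflow size_t. */
int predecode_check(const uint8_t *data, size_t size, size_t skip)
{
    if (size < FRAME_HDR_LEN)
        return ERR_INVALIDDATA;
    uint32_t num_strips = rb16(&data[8]);
    if (size < FRAME_HDR_LEN + skip + (size_t)num_strips * STRIP_HDR_LEN)
        return ERR_INVALIDDATA;
    return (int)num_strips;
}

/* Per-strip walk like the quoted loop: the bound is tested at each strip,
 * so a truncated frame fails only after the earlier strips were processed.
 * Returns how many strips were walked; *err is set on failure. The strip
 * size is assumed to sit at offset 1 of the strip header (example layout). */
int walk_strips(const uint8_t *data, size_t size, size_t skip, int *err)
{
    int done = 0;
    *err = 0;
    if (size < FRAME_HDR_LEN) { *err = ERR_INVALIDDATA; return 0; }
    uint32_t num_strips = rb16(&data[8]);
    size_t off = FRAME_HDR_LEN + skip;
    for (uint32_t i = 0; i < num_strips; i++) {
        /* offset arithmetic instead of pointer comparison: no pointer past the end */
        if (off > size || size - off < STRIP_HDR_LEN) { *err = ERR_INVALIDDATA; return done; }
        uint32_t strip_size = rb24(&data[off + 1]);
        if (strip_size < STRIP_HDR_LEN || strip_size > size - off) { *err = ERR_INVALIDDATA; return done; }
        off += strip_size;
        done++;
    }
    return done;
}

/* Constructed sample frame: num_strips strips of strip_size bytes each
 * (header included, payload zero). Returns bytes written, 0 on bad args. */
size_t build_frame(uint8_t *buf, size_t cap, uint32_t num_strips, uint32_t strip_size)
{
    size_t total = FRAME_HDR_LEN + (size_t)num_strips * strip_size;
    if (total > cap || strip_size < STRIP_HDR_LEN || num_strips > 0xFFFF)
        return 0;
    memset(buf, 0, total);
    buf[1] = (uint8_t)(total >> 16); buf[2] = (uint8_t)(total >> 8); buf[3] = (uint8_t)total;
    buf[8] = (uint8_t)(num_strips >> 8); buf[9] = (uint8_t)num_strips;
    size_t off = FRAME_HDR_LEN;
    for (uint32_t i = 0; i < num_strips; i++) {
        buf[off + 1] = (uint8_t)(strip_size >> 16);
        buf[off + 2] = (uint8_t)(strip_size >> 8);
        buf[off + 3] = (uint8_t)strip_size;
        off += strip_size;
    }
    return total;
}

int main(void)
{
    uint8_t buf[128];
    int err;
    size_t n = build_frame(buf, sizeof buf, 3, 12);          /* 46-byte frame */
    printf("full frame: predecode=%d walked=%d\n",
           predecode_check(buf, n, 0), walk_strips(buf, n, 0, &err));
    /* same frame cut after the second strip: rejected up front vs. failing at strip 3 */
    printf("truncated:  predecode=%d walked=%d err=%d\n",
           predecode_check(buf, 34, 0), walk_strips(buf, 34, 0, &err), err);
    return 0;
}
```

The truncated case is the one Tomas's remark is about: the walker processes two strips and only then reports the error, while the up-front check rejects the frame before any strip work, which is where the fuzzer's speedup comes from and also why it is a behaviour change worth stating in a commit message.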


_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
