On Mon, Aug 06, 2018 at 09:05:51AM +0200, Paul B Mahol wrote: > On 8/5/18, Michael Niedermayer <mich...@niedermayer.cc> wrote: > > On Sun, Aug 05, 2018 at 10:08:31AM +0200, Paul B Mahol wrote: > >> On 8/5/18, Michael Niedermayer <mich...@niedermayer.cc> wrote: > >> > Fixes: Timeout > >> > Fixes: > >> > 9342/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-4795990841229312 > >> > > >> > Found-by: continuous fuzzing process > >> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > >> > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > >> > --- > >> > libavcodec/scpr.c | 3 +++ > >> > 1 file changed, 3 insertions(+) > >> > > >> > diff --git a/libavcodec/scpr.c b/libavcodec/scpr.c > >> > index 72f59d5917..d1e47b09ac 100644 > >> > --- a/libavcodec/scpr.c > >> > +++ b/libavcodec/scpr.c > >> > @@ -525,6 +525,9 @@ static int decompress_p(AVCodecContext *avctx, > >> > if (ret < 0) > >> > return ret; > >> > > >> > + if (min > max) > >> > + return AVERROR_INVALIDDATA; > >> > + > >> > >> Shouldn't this check be actually bellow? > > > > yes, fixed, locally > > > > > >> You sure this does not break valid files? > > > > i found no file that it breaks, beyond this, no iam not sure. > > It mostly based on logic thinking that these would not be ordered the > > other way, as that seems not usefull > > > > Is there some specification or more files i can test ? > > It should be fine.
will apply thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB "I am not trying to be anyone's saviour, I'm trying to think about the future and not be sad" - Elon Musk
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel