Re: [FFmpeg-devel] [PATCH] avcodec/cbs: use av_fast_realloc() in cbs_insert_unit()

2020-06-12 Thread Michael Niedermayer
On Sat, May 02, 2020 at 01:45:43PM -0300, James Almer wrote:
> On 5/2/2020 1:39 PM, Michael Niedermayer wrote:
> > On Sat, Apr 11, 2020 at 11:01:41AM -0300, James Almer wrote:
> >> Fixes: Timeout
> >> Fixes: 20791/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_SPLIT_fuzzer-5659537719951360
> >> Fixes: 21214/clusterfuzz-testcase-minimized-ffmpeg_BSF_MPEG2_METADATA_fuzzer-5165560875974656
> >> Fixes: 21247/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5715175257931776
> >>
> >> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> >> Signed-off-by: James Almer 
> >> ---
> >> This can be ported to av_fast_realloc_array() once that's committed.
> >>
> >>  libavcodec/cbs.c | 37 -
> >>  libavcodec/cbs.h |  7 +++
> >>  2 files changed, 23 insertions(+), 21 deletions(-)
> > 
> > Not sure we decided on which fix to push, but something
> > should be applied
> > 
> > thx
> 
> Mark had some comments and it seemed he preferred your approach in
> "avcodec/cbs: Allocate more CodedBitstreamUnit at once in
> cbs_insert_unit()", but not sure if he was expecting some changes or
> not, so unless av_fast_realloc_array() by Andreas is committed and then
> used here, feel free to push your patch instead.

will apply

thx

[...]
-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

There will always be a question for which you do not know the correct answer.


___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH] avcodec/cbs: use av_fast_realloc() in cbs_insert_unit()

2020-05-02 Thread James Almer
On 5/2/2020 1:39 PM, Michael Niedermayer wrote:
> On Sat, Apr 11, 2020 at 11:01:41AM -0300, James Almer wrote:
>> Fixes: Timeout
>> Fixes: 20791/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_SPLIT_fuzzer-5659537719951360
>> Fixes: 21214/clusterfuzz-testcase-minimized-ffmpeg_BSF_MPEG2_METADATA_fuzzer-5165560875974656
>> Fixes: 21247/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5715175257931776
>>
>> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>> Signed-off-by: James Almer 
>> ---
>> This can be ported to av_fast_realloc_array() once that's committed.
>>
>>  libavcodec/cbs.c | 37 -
>>  libavcodec/cbs.h |  7 +++
>>  2 files changed, 23 insertions(+), 21 deletions(-)
> 
> Not sure we decided on which fix to push, but something
> should be applied
> 
> thx

Mark had some comments and it seemed he preferred your approach in
"avcodec/cbs: Allocate more CodedBitstreamUnit at once in
cbs_insert_unit()", but not sure if he was expecting some changes or
not, so unless av_fast_realloc_array() by Andreas is committed and then
used here, feel free to push your patch instead.

Re: [FFmpeg-devel] [PATCH] avcodec/cbs: use av_fast_realloc() in cbs_insert_unit()

2020-05-02 Thread Michael Niedermayer
On Sat, Apr 11, 2020 at 11:01:41AM -0300, James Almer wrote:
> Fixes: Timeout
> Fixes: 20791/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_SPLIT_fuzzer-5659537719951360
> Fixes: 21214/clusterfuzz-testcase-minimized-ffmpeg_BSF_MPEG2_METADATA_fuzzer-5165560875974656
> Fixes: 21247/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5715175257931776
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: James Almer 
> ---
> This can be ported to av_fast_realloc_array() once that's committed.
> 
>  libavcodec/cbs.c | 37 -
>  libavcodec/cbs.h |  7 +++
>  2 files changed, 23 insertions(+), 21 deletions(-)

Not sure we decided on which fix to push, but something
should be applied

thx

[...]
-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

When you are offended at any man's fault, turn to yourself and study your
own failings. Then you will forget your anger. -- Epictetus



[FFmpeg-devel] [PATCH] avcodec/cbs: use av_fast_realloc() in cbs_insert_unit()

2020-04-11 Thread James Almer
Fixes: Timeout
Fixes: 20791/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_SPLIT_fuzzer-5659537719951360
Fixes: 21214/clusterfuzz-testcase-minimized-ffmpeg_BSF_MPEG2_METADATA_fuzzer-5165560875974656
Fixes: 21247/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5715175257931776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: James Almer 
---
This can be ported to av_fast_realloc_array() once that's committed.

 libavcodec/cbs.c | 37 -
 libavcodec/cbs.h |  7 +++
 2 files changed, 23 insertions(+), 21 deletions(-)

diff --git a/libavcodec/cbs.c b/libavcodec/cbs.c
index 0bd5e1ac5d..48ed7b5f32 100644
--- a/libavcodec/cbs.c
+++ b/libavcodec/cbs.c
@@ -161,6 +161,7 @@ void ff_cbs_fragment_free(CodedBitstreamContext *ctx,
 
 av_freep(>units);
 frag->nb_units_allocated = 0;
+frag->unit_buffer_size = 0;
 }
 
 static int cbs_read_fragment_content(CodedBitstreamContext *ctx,
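
Review bot: every other path that frees or replaces frag->units has to clear unit_buffer_size as well, not only ff_cbs_fragment_free(). The av_fast_realloc() call added to cbs_insert_unit() takes that field as the current size of the buffer, so a stale non-zero value paired with a NULL or smaller array would let an insert skip the reallocation and write out of bounds. Please confirm this is the only place the array is released, or move the reset of nb_units_allocated and unit_buffer_size into one helper so they cannot drift apart.
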
@@ -684,35 +685,29 @@ static int cbs_insert_unit(CodedBitstreamContext *ctx,
CodedBitstreamFragment *frag,
int position)
 {
-CodedBitstreamUnit *units;
+CodedBitstreamUnit *units = frag->units;
 
-if (frag->nb_units < frag->nb_units_allocated) {
-units = frag->units;
+if (frag->nb_units_allocated < frag->nb_units + 1) {
+int new_size = frag->nb_units_allocated + 1;
+void *tmp;
 
-if (position < frag->nb_units)
-memmove(units + position + 1, units + position,
-(frag->nb_units - position) * sizeof(*units));
-} else {
-units = av_malloc_array(frag->nb_units + 1, sizeof(*units));
-if (!units)
+if (new_size >= INT_MAX / sizeof(*units))
 return AVERROR(ENOMEM);
 
-++frag->nb_units_allocated;
-
-if (position > 0)
-memcpy(units, frag->units, position * sizeof(*units));
+tmp = av_fast_realloc(units, >unit_buffer_size,
+  new_size * sizeof(*units));
+if (!tmp)
+return AVERROR(ENOMEM);
 
-if (position < frag->nb_units)
-memcpy(units + position + 1, frag->units + position,
-   (frag->nb_units - position) * sizeof(*units));
+frag->units = units = tmp;
+frag->nb_units_allocated = new_size;
 }
 
-memset(units + position, 0, sizeof(*units));
+if (position < frag->nb_units)
+memmove(units + position + 1, units + position,
+(frag->nb_units - position) * sizeof(*units));
 
-if (units != frag->units) {
-av_free(frag->units);
-frag->units = units;
-}
+memset(units + position, 0, sizeof(*units));
 
 ++frag->nb_units;
 
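Review bot: position is still used unchecked in the memmove() and memset() at the end of cbs_insert_unit(): a negative value, or one above frag->nb_units, indexes outside the array that was just sized for at least nb_units + 1 entries. If the callers already guarantee 0 <= position <= frag->nb_units, an av_assert0() stating that at the top of the function would document it. Separately, new_size is derived from nb_units_allocated + 1 while the branch condition tests nb_units + 1; a short comment saying that the amortised growth comes from av_fast_realloc() over-allocating, not from new_size, would keep the next reader from assuming this still reallocates on every insert.
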
diff --git a/libavcodec/cbs.h b/libavcodec/cbs.h
index 9ca1fbd609..3209a82608 100644
--- a/libavcodec/cbs.h
+++ b/libavcodec/cbs.h
@@ -153,6 +153,13 @@ typedef struct CodedBitstreamFragment {
  */
  int nb_units_allocated;
 
+/**
+ * Size of allocated unit buffer.
+ *
+ * Must always be > nb_units_allocated; designed for internal use by cbs.
+ */
+ unsigned intunit_buffer_size;
+
 /**
  * Pointer to an array of units of length nb_units_allocated.
  * Only the first nb_units are valid.
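
Review bot: the invariant in the new comment, "Must always be > nb_units_allocated", compares a byte count with an element count, and it does not hold in the freed state, where ff_cbs_fragment_free() sets both fields to 0. Suggest stating the unit and the real relation instead, e.g. "Size in bytes of the buffer units points to; at least nb_units_allocated * sizeof(*units)".
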
-- 
2.26.0
