Re: [FFmpeg-devel] [PATCH] avcodec/notchlc: Check available space for luma block code and alpha code

2020-11-29 Thread Paul B Mahol
Please do not push unless properly tested.

On Sun, Nov 29, 2020 at 4:09 PM Michael Niedermayer wrote:

> On Sat, Nov 28, 2020 at 01:01:48AM +0100, Michael Niedermayer wrote:
> > Fixes: Timeout (too long -> 2sec)
> > Fixes: 25439/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NOTCHLC_fuzzer-5688211127664640
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer 
> > ---
> >  libavcodec/notchlc.c | 6 ++
> >  1 file changed, 6 insertions(+)
>
> will apply
>
> [...]
> --
> Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> There will always be a question for which you do not know the correct
> answer.
> ___
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH] avcodec/notchlc: Check available space for luma block code and alpha code

2020-11-29 Thread Michael Niedermayer
On Sat, Nov 28, 2020 at 01:01:48AM +0100, Michael Niedermayer wrote:
> Fixes: Timeout (too long -> 2sec)
> Fixes: 
> 25439/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NOTCHLC_fuzzer-5688211127664640
> 
> Found-by: continuous fuzzing process 
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer 
> ---
>  libavcodec/notchlc.c | 6 ++
>  1 file changed, 6 insertions(+)

will apply

[...]
-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

There will always be a question for which you do not know the correct answer.



[FFmpeg-devel] [PATCH] avcodec/notchlc: Check available space for luma block code and alpha code

2020-11-27 Thread Michael Niedermayer
Fixes: Timeout (too long -> 2sec)
Fixes: 
25439/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NOTCHLC_fuzzer-5688211127664640

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
---
 libavcodec/notchlc.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/libavcodec/notchlc.c b/libavcodec/notchlc.c
index 3f7079da70..57ce70e945 100644
--- a/libavcodec/notchlc.c
+++ b/libavcodec/notchlc.c
@@ -229,6 +229,9 @@ static int decode_blocks(AVCodecContext *avctx, AVFrame *p, 
ThreadFrame *frame,
 bytestream2_seek(&rgb, s->y_data_row_offsets, SEEK_SET);
 bytestream2_seek(gb, s->y_control_data_offset, SEEK_SET);
 
+if (bytestream2_get_bytes_left(gb) < (avctx->height + 3) / 4 * 
((avctx->width + 3) / 4) * 4)
+return AVERROR_INVALIDDATA;
+
 dsty = (uint16_t *)p->data[0];
 dsta = (uint16_t *)p->data[3];
 ylinesize = p->linesize[0] / 2;
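
Review bot: The check added ahead of `dsty = ...` carries an unexplained factor: `(avctx->height + 3) / 4 * ((avctx->width + 3) / 4) * 4` assumes 4 bytes of control data per 4x4 block, but the loop that consumes them lies outside the hunk. A one-line comment naming that read, or a named local holding the byte count, would let a reader verify the bound against the loop without opening the file.
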
@@ -277,6 +280,9 @@ static int decode_blocks(AVCodecContext *avctx, AVFrame *p, 
ThreadFrame *frame,
 dsta += alinesize;
 }
 } else {
+if (bytestream2_get_bytes_left(gb) < (avctx->height + 15) / 16 * 
((avctx->width + 15) / 16) * 8)
+return AVERROR_INVALIDDATA;
+
 for (int y = 0; y < avctx->height; y += 16) {
 for (int x = 0; x < avctx->width; x += 16) {
 unsigned m = bytestream2_get_le32(gb);
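
Review bot: The factor 8 in the alpha check at the top of the `else` branch cannot be verified from the visible context, which shows a single `bytestream2_get_le32(gb)` (4 bytes) per 16x16 block. If a second 4-byte read follows `m` in each iteration, say so in a comment beside the check; if it does not, the bound is twice what the loop needs and would reject frames the loop could decode.
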
-- 
2.17.1


Re: [FFmpeg-devel] [PATCH] avcodec/notchlc: Check available space for luma block code

2020-09-13 Thread Paul B Mahol
On Sun, Sep 13, 2020 at 03:53:18PM +0200, Michael Niedermayer wrote:
> On Sun, Sep 13, 2020 at 12:39:34AM +0200, Paul B Mahol wrote:
> > On Sat, Sep 12, 2020 at 06:43:30PM +0200, Michael Niedermayer wrote:
> > > Fixes: Timeout (too long -> 2sec)
> > > Fixes: 
> > > 25439/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NOTCHLC_fuzzer-5688211127664640
> > > 
> > > Found-by: continuous fuzzing process 
> > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > > Signed-off-by: Michael Niedermayer 
> > > ---
> > >  libavcodec/notchlc.c | 3 +++
> > >  1 file changed, 3 insertions(+)
> > > 
> > > diff --git a/libavcodec/notchlc.c b/libavcodec/notchlc.c
> > > index 3f7079da70..e7e69b0c21 100644
> > > --- a/libavcodec/notchlc.c
> > > +++ b/libavcodec/notchlc.c
> > > @@ -229,6 +229,9 @@ static int decode_blocks(AVCodecContext *avctx, 
> > > AVFrame *p, ThreadFrame *frame,
> > >  bytestream2_seek(&rgb, s->y_data_row_offsets, SEEK_SET);
> > >  bytestream2_seek(gb, s->y_control_data_offset, SEEK_SET);
> > >  
> > > +if ((avctx->height + 3) / 4 * ((avctx->width + 3) / 4) * 4 > 
> > > bytestream2_get_bytes_left(gb))
> > > +return AVERROR_INVALIDDATA;
> > > +
> > >  dsty = (uint16_t *)p->data[0];
> > >  dsta = (uint16_t *)p->data[3];
> > >  ylinesize = p->linesize[0] / 2;
> > > -- 
> > > 2.17.1
> > 
> > Is this correct at all?
> 
> It's the amount that is read from gb in the next loop just below the added
> check

There is also alpha handling code. Also I dislike completely this reverse 
style, bytestream2.. should be first.

With that fixed and actually tested that it does not break decoding it should 
be fine.

> 
> thx
> 
> > 
> > If you do not like timeouts then get smaller samples or reduce dimensions
> > of accepted files.
> 
> -- 
> Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
> 
> There will always be a question for which you do not know the correct answer.





Re: [FFmpeg-devel] [PATCH] avcodec/notchlc: Check available space for luma block code

2020-09-13 Thread Michael Niedermayer
On Sun, Sep 13, 2020 at 12:39:34AM +0200, Paul B Mahol wrote:
> On Sat, Sep 12, 2020 at 06:43:30PM +0200, Michael Niedermayer wrote:
> > Fixes: Timeout (too long -> 2sec)
> > Fixes: 
> > 25439/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NOTCHLC_fuzzer-5688211127664640
> > 
> > Found-by: continuous fuzzing process 
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer 
> > ---
> >  libavcodec/notchlc.c | 3 +++
> >  1 file changed, 3 insertions(+)
> > 
> > diff --git a/libavcodec/notchlc.c b/libavcodec/notchlc.c
> > index 3f7079da70..e7e69b0c21 100644
> > --- a/libavcodec/notchlc.c
> > +++ b/libavcodec/notchlc.c
> > @@ -229,6 +229,9 @@ static int decode_blocks(AVCodecContext *avctx, AVFrame 
> > *p, ThreadFrame *frame,
> >  bytestream2_seek(&rgb, s->y_data_row_offsets, SEEK_SET);
> >  bytestream2_seek(gb, s->y_control_data_offset, SEEK_SET);
> >  
> > +if ((avctx->height + 3) / 4 * ((avctx->width + 3) / 4) * 4 > 
> > bytestream2_get_bytes_left(gb))
> > +return AVERROR_INVALIDDATA;
> > +
> >  dsty = (uint16_t *)p->data[0];
> >  dsta = (uint16_t *)p->data[3];
> >  ylinesize = p->linesize[0] / 2;
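
Review bot: Only `gb` is bounded by the new check, although `rgb` is repositioned by `bytestream2_seek(&rgb, s->y_data_row_offsets, SEEK_SET)` in the first context line of the hunk. If the loop below also reads from `rgb` in proportion to the frame dimensions, the same argument applies to that reader and a matching check would belong here.
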
> > -- 
> > 2.17.1
> 
> Is this correct at all?

It's the amount that is read from gb in the next loop just below the added
check

thx

> 
> If you do not like timeouts then get smaller samples or reduce dimensions of
> accepted files.

-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

There will always be a question for which you do not know the correct answer.



Re: [FFmpeg-devel] [PATCH] avcodec/notchlc: Check available space for luma block code

2020-09-12 Thread Paul B Mahol
On Sat, Sep 12, 2020 at 06:43:30PM +0200, Michael Niedermayer wrote:
> Fixes: Timeout (too long -> 2sec)
> Fixes: 
> 25439/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NOTCHLC_fuzzer-5688211127664640
> 
> Found-by: continuous fuzzing process 
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer 
> ---
>  libavcodec/notchlc.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/libavcodec/notchlc.c b/libavcodec/notchlc.c
> index 3f7079da70..e7e69b0c21 100644
> --- a/libavcodec/notchlc.c
> +++ b/libavcodec/notchlc.c
> @@ -229,6 +229,9 @@ static int decode_blocks(AVCodecContext *avctx, AVFrame 
> *p, ThreadFrame *frame,
>  bytestream2_seek(&rgb, s->y_data_row_offsets, SEEK_SET);
>  bytestream2_seek(gb, s->y_control_data_offset, SEEK_SET);
>  
> +if ((avctx->height + 3) / 4 * ((avctx->width + 3) / 4) * 4 > 
> bytestream2_get_bytes_left(gb))
> +return AVERROR_INVALIDDATA;
> +
>  dsty = (uint16_t *)p->data[0];
>  dsta = (uint16_t *)p->data[3];
>  ylinesize = p->linesize[0] / 2;
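
Review bot: The early `return AVERROR_INVALIDDATA` added ahead of `dsty = ...` rejects the whole frame as soon as `gb` holds less than the computed control size, so a truncated frame that was previously decoded as far as its data went now produces no output at all. That trade is what removes the timeout, but the commit message only mentions the timeout; it should state that rejecting short frames outright is intended.
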
> -- 
> 2.17.1

Is this correct at all?

If you do not like timeouts then get smaller samples or reduce dimensions of
accepted files.

[FFmpeg-devel] [PATCH] avcodec/notchlc: Check available space for luma block code

2020-09-12 Thread Michael Niedermayer
Fixes: Timeout (too long -> 2sec)
Fixes: 
25439/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NOTCHLC_fuzzer-5688211127664640

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
---
 libavcodec/notchlc.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/notchlc.c b/libavcodec/notchlc.c
index 3f7079da70..e7e69b0c21 100644
--- a/libavcodec/notchlc.c
+++ b/libavcodec/notchlc.c
@@ -229,6 +229,9 @@ static int decode_blocks(AVCodecContext *avctx, AVFrame *p, 
ThreadFrame *frame,
 bytestream2_seek(&rgb, s->y_data_row_offsets, SEEK_SET);
 bytestream2_seek(gb, s->y_control_data_offset, SEEK_SET);
 
+if ((avctx->height + 3) / 4 * ((avctx->width + 3) / 4) * 4 > 
bytestream2_get_bytes_left(gb))
+return AVERROR_INVALIDDATA;
+
 dsty = (uint16_t *)p->data[0];
 dsta = (uint16_t *)p->data[3];
 ylinesize = p->linesize[0] / 2;
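
Review bot: The size on the left of the comparison, `(avctx->height + 3) / 4 * ((avctx->width + 3) / 4) * 4`, is evaluated in `int`, so the check is only sound if width and height are already bounded such that the product cannot overflow. Worth confirming that whatever validates the dimensions before `decode_blocks()` guarantees this, or doing the multiplication in `int64_t`, since a wrapped value could pass the comparison against `bytestream2_get_bytes_left(gb)`.
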
-- 
2.17.1
