Re: [FFmpeg-devel] [PATCH 1/3] avcodec/cdtoons: Check sprite_offset is within the packet

2020-05-12 Thread Michael Niedermayer
On Mon, May 11, 2020 at 11:12:45PM +0200, Paul B Mahol wrote:
> probably ok

will apply

thx

[...]
-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/cdtoons: Check sprite_offset is within the packet

2020-05-11 Thread Paul B Mahol
probably ok

On 5/11/20, Michael Niedermayer wrote:
> Fixes: out of array read
> Fixes:
> 20659/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CDTOONS_fuzzer-5754518731227136
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer 
> ---
>  libavcodec/cdtoons.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/libavcodec/cdtoons.c b/libavcodec/cdtoons.c
> index 13f9a60f0f..a8609815c1 100644
> --- a/libavcodec/cdtoons.c
> +++ b/libavcodec/cdtoons.c
> @@ -190,6 +190,9 @@ static int cdtoons_decode_frame(AVCodecContext *avctx,
> void *data,
>  palette_set= bytestream_get_byte();
>  buf   += 5;
>
> +if (sprite_offset > buf_size)
> +return AVERROR_INVALIDDATA;
> +
>  /* read new sprites introduced in this frame */
>  buf = avpkt->data + sprite_offset;
>  while (sprite_count--) {
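
Review bot: The new early return in cdtoons_decode_frame() rejects the packet silently, which makes this rejection hard to tell apart from any other AVERROR_INVALIDDATA path when triaging a corrupt or truncated file. An av_log() call on avctx at error level before the return, reporting sprite_offset and buf_size, would make it visible. A one-line comment that the offset is relative to the start of the packet (as the following `buf = avpkt->data + sprite_offset` implies) would also document why it is compared against buf_size rather than against the length remaining after `buf += 5`.
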
> --
> 2.17.1
>

[FFmpeg-devel] [PATCH 1/3] avcodec/cdtoons: Check sprite_offset is within the packet

2020-05-11 Thread Michael Niedermayer
Fixes: out of array read
Fixes: 20659/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CDTOONS_fuzzer-5754518731227136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
---
 libavcodec/cdtoons.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/cdtoons.c b/libavcodec/cdtoons.c
index 13f9a60f0f..a8609815c1 100644
--- a/libavcodec/cdtoons.c
+++ b/libavcodec/cdtoons.c
@@ -190,6 +190,9 @@ static int cdtoons_decode_frame(AVCodecContext *avctx, void 
*data,
 palette_set= bytestream_get_byte();
 buf   += 5;
 
+if (sprite_offset > buf_size)
+return AVERROR_INVALIDDATA;
+
 /* read new sprites introduced in this frame */
 buf = avpkt->data + sprite_offset;
 while (sprite_count--) {
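
Review bot: The comparison `sprite_offset > buf_size` still accepts sprite_offset == buf_size, so `buf = avpkt->data + sprite_offset` can point one past the last byte of the packet right before `while (sprite_count--)` starts reading sprites. If the loop body, which is not visible in this hunk, does not check the remaining length before each read, a packet with a non-zero sprite_count and an offset equal to the packet size would still read past the end. Consider rejecting with `>=` when sprite_count is non-zero, or confirm that every read inside the loop is bounded by the end of the packet.
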
-- 
2.17.1
