Re: [FFmpeg-devel] [PATCH 12/12] avcodec/4xm: Check index in decode_i_block() also in the path where its not used.

2019-09-26 Thread Michael Niedermayer 
On Thu, Sep 26, 2019 at 10:07:29AM +0200, Paul B Mahol wrote:
> lgtm

will apply

thx

[...]
-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

If you think the mosad wants you dead since a long time then you are either
wrong or dead since a long time.


signature.asc
Description: PGP signature
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 12/12] avcodec/4xm: Check index in decode_i_block() also in the path where its not used.

2019-09-26 Thread Paul B Mahol 
lgtm

On 9/25/19, Michael Niedermayer  wrote:
> Fixes: Infinite loop
> Fixes: signed integer overflow: 2147483644 + 16 cannot be represented in
> type 'int'
> Fixes:
> 16169/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5662570416963584
> Fixes:
> 16782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5743163859271680
> Fixes:
> 17641/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5711603562971136
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer 
> ---
>  libavcodec/4xm.c | 4 
>  1 file changed, 4 insertions(+)
>
> diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c
> index 1f4e2aee24..336c651d31 100644
> --- a/libavcodec/4xm.c
> +++ b/libavcodec/4xm.c
> @@ -525,6 +525,10 @@ static int decode_i_block(FourXContext *f, int16_t
> *block)
>  break;
>  if (code == 0xf0) {
>  i += 16;
> +if (i >= 64) {
> +av_log(f->avctx, AV_LOG_ERROR, "run %d overflow\n", i);
> +return 0;
> +}
>  } else {
>  if (code & 0xf) {
>  level = get_xbits(&f->gb, code & 0xf);
> --
> 2.23.0
>
> ___
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 12/12] avcodec/4xm: Check index in decode_i_block() also in the path where its not used.

2019-09-25 Thread Michael Niedermayer 
Fixes: Infinite loop
Fixes: signed integer overflow: 2147483644 + 16 cannot be represented in type 
'int'
Fixes: 
16169/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5662570416963584
Fixes: 
16782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5743163859271680
Fixes: 
17641/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5711603562971136

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
---
 libavcodec/4xm.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c
index 1f4e2aee24..336c651d31 100644
--- a/libavcodec/4xm.c
+++ b/libavcodec/4xm.c
@@ -525,6 +525,10 @@ static int decode_i_block(FourXContext *f, int16_t *block)
 break;
 if (code == 0xf0) {
 i += 16;
+if (i >= 64) {
+av_log(f->avctx, AV_LOG_ERROR, "run %d overflow\n", i);
+return 0;
+}
 } else {
 if (code & 0xf) {
 level = get_xbits(&f->gb, code & 0xf);
-- 
2.23.0

___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".