[FFmpeg-cvslog] avcodec/golomb: Consume invalid data in get_ur_golomb_jpegls()

Michael Niedermayer git at videolan.org
Thu Dec 8 03:50:27 EET 2016


ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Thu Dec  8 01:46:26 2016 +0100| [3ab1311aba74a28cebfc22985cd9250fda93e6cf] | committer: Michael Niedermayer

avcodec/golomb: Consume invalid data in get_ur_golomb_jpegls()

Fixes slow loops on fuzzed data
Fixes: 245/fuzz-3-ffmpeg_AUDIO_AV_CODEC_ID_FLAC_fuzzer

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3ab1311aba74a28cebfc22985cd9250fda93e6cf
---

 libavcodec/golomb.h | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/libavcodec/golomb.h b/libavcodec/golomb.h
index 917ea54..d9db831 100644
--- a/libavcodec/golomb.h
+++ b/libavcodec/golomb.h
@@ -325,8 +325,10 @@ static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit,
     } else {
         int i;
         for (i = 0; i < limit && SHOW_UBITS(re, gb, 1) == 0; i++) {
-            if (gb->size_in_bits <= re_index)
+            if (gb->size_in_bits <= re_index) {
+                CLOSE_READER(re, gb);
                 return -1;
+            }
             LAST_SKIP_BITS(re, gb, 1);
             UPDATE_CACHE(re, gb);
         }
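Review bot: the new `CLOSE_READER(re, gb);` ahead of `return -1;` inside the prefix loop needs a one-line comment, because writing the reader position back on an error path looks like a mistake to anyone who does not know the commit message. Say that the bits are consumed on purpose so a caller that keeps calling after -1 makes forward progress. Also note that the guard is `gb->size_in_bits <= re_index`, so the position committed here can be at or past the end of the buffer; the comment should mention that callers computing remaining bits must tolerate zero or a negative value.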
@@ -348,16 +350,17 @@ static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit,
                 buf = 0;
             }
 
-            CLOSE_READER(re, gb);
-            return buf + (i << k);
+            buf += (i << k);
         } else if (i == limit - 1) {
             buf = SHOW_UBITS(re, gb, esc_len);
             LAST_SKIP_BITS(re, gb, esc_len);
-            CLOSE_READER(re, gb);
 
-            return buf + 1;
-        } else
-            return -1;
+            buf ++;
+        } else {
+            buf = -1;
+        }
+        CLOSE_READER(re, gb);
+        return buf;
     }
 }
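Review bot: with the single exit, `buf` now carries both the decoded value and the `-1` error sentinel into `return buf;`, so please confirm that its declared type (not visible in this hunk) round-trips -1 through the function's `int` return, or use a separate `int ret` for the result. The final `else { buf = -1; }` branch also falls through to `CLOSE_READER(re, gb);` where it previously returned without committing the position; that matches the commit subject, but a short comment there would make the intent explicit. Minor style point: `buf ++;` should be `buf++;`.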
 


