[FFmpeg-devel] [PATCH] speedhq: make sure the block index is not negative

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Wed Feb 1 03:17:05 EET 2017


On 31.01.2017 09:43, Steinar H. Gunderson wrote:
> On Tue, Jan 31, 2017 at 01:57:31AM +0100, Andreas Cadhalpun wrote:
>>> This sounds like a strangeness in constructing the table, which shouldn't be
>>> papered over in the inner loop of the decoder.
>> Maybe, I don't know what the contents of the table should be, but the following
>> are {-1, 0}: 32, 33, 64, 96, 128
> 
> Seemingly they are, indeed.
> 
>>> Do you have an actual input where your code makes a difference?
>> Yes, without this patch ubsan reports:
>> src/libavcodec/speedhq.c:206:13: runtime error: index -1 out of bounds for type 'uint8_t [128]'
> 
> Would you mind sharing an input where this actually triggers? None of the
> samples I have seem to trigger this, so I suppose it's some sort of fuzzed
> input.

Indeed it is. I've sent you a sample.

Best regards,
Andreas


