[FFmpeg-devel] [PATCH 3/3] avcodec/huffyuvdec: Check input buffer size
Michael Niedermayer
michael at niedermayer.cc
Fri Feb 9 00:06:58 EET 2018
On Thu, Feb 08, 2018 at 06:09:46PM +0100, Paul B Mahol wrote:
> On 2/5/18, Michael Niedermayer <michael at niedermayer.cc> wrote:
> > On Mon, Feb 05, 2018 at 10:04:47AM +0100, Paul B Mahol wrote:
> >> On 2/5/18, Michael Niedermayer <michael at niedermayer.cc> wrote:
> >> > On Thu, Feb 01, 2018 at 02:36:16AM +0100, Michael Niedermayer wrote:
> >> >> On Wed, Jan 31, 2018 at 07:56:06PM +0100, Paul B Mahol wrote:
> >> >> > On 1/31/18, Michael Niedermayer <michael at niedermayer.cc> wrote:
> >> >> > > Fixes: Timeout
> >> >> > > Fixes: 5487/clusterfuzz-testcase-4696837035393024
> >> >> > >
> >> >> > > Found-by: continuous fuzzing process
> >> >> > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> >> >> > > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> >> >> > > ---
> >> >> > > libavcodec/huffyuvdec.c | 3 +++
> >> >> > > 1 file changed, 3 insertions(+)
> >> >> > >
> >> >> > > diff --git a/libavcodec/huffyuvdec.c b/libavcodec/huffyuvdec.c
> >> >> > > index 979c4b9d5c..66357bfb40 100644
> >> >> > > --- a/libavcodec/huffyuvdec.c
> >> >> > > +++ b/libavcodec/huffyuvdec.c
> >> >> > > @@ -919,6 +919,9 @@ static int decode_frame(AVCodecContext *avctx,
> >> >> > > void
> >> >> > > *data, int *got_frame,
> >> >> > > AVFrame *const p = data;
> >> >> > > int table_size = 0, ret;
> >> >> > >
> >> >> > > + if (buf_size < (width * height + 7)/8)
> >> >> > > + return AVERROR_INVALIDDATA;
> >> >> > > +
> >> >> >
> >> >> > Are you sure this is enough?
> >> >>
> >> >> I dont know if thats the only way the decoder can be made to waste
> >> >> large amounts of CPU with little input data
> >> >>
> >> >> I do belive it stops this specific class of issues though
> >> >>
> >> >>
> >> >> >
> >> >> > Something similar you had already posted long ago.
> >> >>
> >> >> for other decoders, yes. Did i forget a patch for huffyuv ?
> >> >
> >> > i will apply this in a few days unless someone has objections or
> >> > sees some possible imrpovment
> >>
> >> Are you sure this does not break decoding of valid files?
> >
> > huffyuv encodes samples using huffman codes, the smallest is 1 bit so
> > w*h bits should be the minimum
> >
> >
>
> ok
will apply
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Many things microsoft did are stupid, but not doing something just because
microsoft did it is even more stupid. If everything ms did were stupid they
would be bankrupt already.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20180208/69e53562/attachment.sig>
More information about the ffmpeg-devel
mailing list