[FFmpeg-cvslog] avcodec/golomb: Consume invalid data in get_ur_golomb_jpegls()
Michael Niedermayer
git at videolan.org
Thu Dec 8 03:50:27 EET 2016
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Thu Dec 8 01:46:26 2016 +0100| [3ab1311aba74a28cebfc22985cd9250fda93e6cf] | committer: Michael Niedermayer
avcodec/golomb: Consume invalid data in get_ur_golomb_jpegls()
Fixes slow loops on fuzzed data
Fixes: 245/fuzz-3-ffmpeg_AUDIO_AV_CODEC_ID_FLAC_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3ab1311aba74a28cebfc22985cd9250fda93e6cf
---
libavcodec/golomb.h | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/libavcodec/golomb.h b/libavcodec/golomb.h
index 917ea54..d9db831 100644
--- a/libavcodec/golomb.h
+++ b/libavcodec/golomb.h
@@ -325,8 +325,10 @@ static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit,
} else {
int i;
for (i = 0; i < limit && SHOW_UBITS(re, gb, 1) == 0; i++) {
- if (gb->size_in_bits <= re_index)
+ if (gb->size_in_bits <= re_index) {
+ CLOSE_READER(re, gb);
return -1;
+ }
LAST_SKIP_BITS(re, gb, 1);
UPDATE_CACHE(re, gb);
}
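Review bot: the contract change on the end-of-data path inside the `for` loop is undocumented. With `CLOSE_READER(re, gb);` now placed before `return -1;`, the function stores a read position that, by the guard `gb->size_in_bits <= re_index`, is at or beyond the end of the buffer. A one-line comment at this branch would help, stating that -1 is returned with the position already advanced and that callers must treat it as an error rather than retry. That makes the intent from the commit subject ("Consume invalid data") visible in the code itself.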
@@ -348,16 +350,17 @@ static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit,
buf = 0;
}
- CLOSE_READER(re, gb);
- return buf + (i << k);
+ buf += (i << k);
} else if (i == limit - 1) {
buf = SHOW_UBITS(re, gb, esc_len);
LAST_SKIP_BITS(re, gb, esc_len);
- CLOSE_READER(re, gb);
- return buf + 1;
- } else
- return -1;
+ buf ++;
+ } else {
+ buf = -1;
+ }
+ CLOSE_READER(re, gb);
+ return buf;
}
}
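Review bot: in the final `else` branch the error value is now routed through `buf` (`buf = -1;` followed by the shared `return buf;`), and the declaration of `buf` is outside this hunk. If `buf` is an unsigned type, the -1 reaches the caller only through an unsigned-to-int conversion at the return. A separate `int` result variable, or a comment at the assignment, would make the sentinel explicit. The same applies to `buf += (i << k);`, where the shift is done on `i` before the addition. Minor style point: `buf ++;` has a stray space and could be written `buf++;`. The single `CLOSE_READER(re, gb);` before the common return is a good consolidation, since all three branches now store the reader state.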