[FFmpeg-devel] [PATCH 8/9] avcodec/smcenc: width < 4 is unsupported

Paul B Mahol onemda at gmail.com
Mon Jun 17 10:50:18 EEST 2024


On Mon, Jun 17, 2024 at 1:09 AM Michael Niedermayer <michael at niedermayer.cc>
wrote:

> Fixes: out of array read
> Fixes: 68939/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMC_fuzzer-587804104884224
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
>  libavcodec/smcenc.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/libavcodec/smcenc.c b/libavcodec/smcenc.c
> index 789aef4f770..d70cce900ec 100644
> --- a/libavcodec/smcenc.c
> +++ b/libavcodec/smcenc.c
> @@ -537,6 +537,9 @@ static int smc_encode_frame(AVCodecContext *avctx,
> AVPacket *pkt,
>      uint8_t *pal;
>      int ret;
>
> +    if (avctx->width < 4)
> +        return AVERROR_PATCHWELCOME;
> +
>

I just enabled address sanitizer for the smc encoder and I do not get any
errors.
Where is the log of where the overread happens?



>      ret = ff_alloc_packet(avctx, pkt, 8LL * avctx->height * avctx->width);
>      if (ret < 0)
>          return ret;
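
Review bot: the new width check at the top of smc_encode_frame returns AVERROR_PATCHWELCOME without logging anything, so a caller gets a bare error code with no indication that width < 4 is the cause; add an av_log(avctx, AV_LOG_ERROR, ...) line before the return. The check also runs on every encoded frame and covers only avctx->width. Since the commit message does not say which read goes out of bounds, a short comment naming the access that needs at least 4 columns would let a reader judge whether avctx->height needs the same guard and whether the test could move to encoder init.
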
> --
> 2.45.2
>