[FFmpeg-cvslog] avcodec/cavsdec: Propagate error codes inside decode_mb_i()
Michael Niedermayer
git at videolan.org
Sun Nov 4 21:58:04 EET 2018
ffmpeg | branch: release/4.1 | Michael Niedermayer <michael at niedermayer.cc> | Sun Nov 4 20:00:16 2018 +0100| [7ebc27e1fa73c4db3409166b3465825a613bfa86] | committer: Michael Niedermayer
avcodec/cavsdec: Propagate error codes inside decode_mb_i()
Fixes: Timeout
Fixes: 10702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CAVS_fuzzer-5669940938407936
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c1cee0565692c541f589aefd7f375d37f55b9d94)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7ebc27e1fa73c4db3409166b3465825a613bfa86
---
libavcodec/cavsdec.c | 29 +++++++++++++++++++++--------
1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/libavcodec/cavsdec.c b/libavcodec/cavsdec.c
index c7fff67c06..5f3b354518 100644
--- a/libavcodec/cavsdec.c
+++ b/libavcodec/cavsdec.c
@@ -591,14 +591,21 @@ static int decode_residual_block(AVSContext *h, GetBitContext *gb,
}
-static inline void decode_residual_chroma(AVSContext *h)
+static inline int decode_residual_chroma(AVSContext *h)
{
- if (h->cbp & (1 << 4))
- decode_residual_block(h, &h->gb, chroma_dec, 0,
+ if (h->cbp & (1 << 4)) {
+ int ret = decode_residual_block(h, &h->gb, chroma_dec, 0,
ff_cavs_chroma_qp[h->qp], h->cu, h->c_stride);
- if (h->cbp & (1 << 5))
- decode_residual_block(h, &h->gb, chroma_dec, 0,
+ if (ret < 0)
+ return ret;
+ }
+ if (h->cbp & (1 << 5)) {
+ int ret = decode_residual_block(h, &h->gb, chroma_dec, 0,
ff_cavs_chroma_qp[h->qp], h->cv, h->c_stride);
+ if (ret < 0)
+ return ret;
+ }
+ return 0;
}
static inline int decode_residual_inter(AVSContext *h)
@@ -649,6 +656,7 @@ static int decode_mb_i(AVSContext *h, int cbp_code)
uint8_t top[18];
uint8_t *left = NULL;
uint8_t *d;
+ int ret;
ff_cavs_init_mb(h);
@@ -692,8 +700,11 @@ static int decode_mb_i(AVSContext *h, int cbp_code)
ff_cavs_load_intra_pred_luma(h, top, &left, block);
h->intra_pred_l[h->pred_mode_Y[scan3x3[block]]]
(d, top, left, h->l_stride);
- if (h->cbp & (1<<block))
- decode_residual_block(h, gb, intra_dec, 1, h->qp, d, h->l_stride);
+ if (h->cbp & (1<<block)) {
+ ret = decode_residual_block(h, gb, intra_dec, 1, h->qp, d, h->l_stride);
+ if (ret < 0)
+ return ret;
+ }
}
/* chroma intra prediction */
@@ -703,7 +714,9 @@ static int decode_mb_i(AVSContext *h, int cbp_code)
h->intra_pred_c[pred_mode_uv](h->cv, &h->top_border_v[h->mbx * 10],
h->left_border_v, h->c_stride);
- decode_residual_chroma(h);
+ ret = decode_residual_chroma(h);
+ if (ret < 0)
+ return ret;
ff_cavs_filter(h, I_8X8);
set_mv_intra(h);
return 0;
More information about the ffmpeg-cvslog
mailing list