[FFmpeg-devel] [PATCH 2/2] avcodec/scpr: Check for min > max in decompress_p()

[Michael Niedermayer]

On Mon, Aug 06, 2018 at 09:05:51AM +0200, Paul B Mahol wrote:
> On 8/5/18, Michael Niedermayer <michael at niedermayer.cc> wrote:
> > On Sun, Aug 05, 2018 at 10:08:31AM +0200, Paul B Mahol wrote:
> >> On 8/5/18, Michael Niedermayer <michael at niedermayer.cc> wrote:
> >> > Fixes: Timeout
> >> > Fixes:
> >> > 9342/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-4795990841229312
> >> >
> >> > Found-by: continuous fuzzing process
> >> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> >> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> >> > ---
> >> >  libavcodec/scpr.c | 3 +++
> >> >  1 file changed, 3 insertions(+)
> >> >
> >> > diff --git a/libavcodec/scpr.c b/libavcodec/scpr.c
> >> > index 72f59d5917..d1e47b09ac 100644
> >> > --- a/libavcodec/scpr.c
> >> > +++ b/libavcodec/scpr.c
> >> > @@ -525,6 +525,9 @@ static int decompress_p(AVCodecContext *avctx,
> >> >      if (ret < 0)
> >> >          return ret;
> >> >
> >> > +    if (min > max)
> >> > +        return AVERROR_INVALIDDATA;
> >> > +
> >>
> >> Shouldn't this check be actually bellow?
> >
> > yes, fixed, locally
> >
> >
> >> You sure this does not break valid files?
> >
> > i found no file that it breaks, beyond this, no iam not sure.
> > It mostly based on logic thinking that these would not be ordered the
> > other way, as that seems not usefull
> >
> > Is there some specification or more files i can test ?
> 
> It should be fine.

will apply

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

"I am not trying to be anyone's saviour, I'm trying to think about the
 future and not be sad" - Elon Musk

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20180816/d78b69af/attachment.sig>