[FFmpeg-devel] [PATCH 1/2] avcodec/hevc_ps: Check log2_sao_offset_scale_*

Michael Niedermayer michael at niedermayer.cc
Thu Jan 25 04:26:51 EET 2018


On Wed, Jan 24, 2018 at 04:42:38AM +0100, wm4 wrote:
> On Wed, 24 Jan 2018 04:34:49 +0100
> Michael Niedermayer <michael at niedermayer.cc> wrote:
> 
> > Fixes: 4868/clusterfuzz-testcase-minimized-6236542906400768
> > Fixes: runtime error: shift exponent 126 is too large for 32-bit type 'int'
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> >  libavcodec/hevc_ps.c | 11 +++++++++++
> >  1 file changed, 11 insertions(+)
> > 
> > diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
> > index 4787312cfa..746c96b17e 100644
> > --- a/libavcodec/hevc_ps.c
> > +++ b/libavcodec/hevc_ps.c
> > @@ -1324,6 +1324,17 @@ static int pps_range_extensions(GetBitContext *gb, AVCodecContext *avctx,
> >      pps->log2_sao_offset_scale_luma = get_ue_golomb_long(gb);
> >      pps->log2_sao_offset_scale_chroma = get_ue_golomb_long(gb);
> >  
> > +    if (   pps->log2_sao_offset_scale_luma   > FFMAX(sps->bit_depth        - 10, 0)
> > +        || pps->log2_sao_offset_scale_chroma > FFMAX(sps->bit_depth_chroma - 10, 0)
> > +    ) {
> > +        av_log(avctx, AV_LOG_ERROR,
> > +                "log2 sao offset scales (%d %d) are invalid\n",
> > +               pps->log2_sao_offset_scale_luma,
> > +               pps->log2_sao_offset_scale_chroma
> > +              );
> > +        return AVERROR_INVALIDDATA;
> > +    }
> > +
> >      return(0);
> >  }
> >  
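Review bot: the range check in this hunk can still be bypassed if `pps->log2_sao_offset_scale_luma` and `_chroma` are signed `int` (the `%d` format strings suggest they are) while `get_ue_golomb_long()` returns an unsigned value: a ue(v) code of 2^31 or more wraps negative on assignment, `> FFMAX(sps->bit_depth - 10, 0)` does not catch it, and the later shift by a negative amount is as undefined as the shift by 126 in the commit message. Either add `pps->log2_sao_offset_scale_luma < 0 || pps->log2_sao_offset_scale_chroma < 0` to the condition or compare the unsigned return value before storing it. The bound itself, Max(0, BitDepth - 10) per component, is the right one; since it depends on the bit depths, printing them next to the two scales in the av_log would make the rejection message self-explaining.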
> 
> Unnecessary logging.

I would prefer to keep the logging. But if people want it removed I'll remove it.
Of course without error logging I will not be available to maintain or help
maintain hevc in the future.

thx


[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Many things microsoft did are stupid, but not doing something just because
microsoft did it is even more stupid. If everything ms did were stupid they
would be bankrupt already.
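The check the patch adds, shown stand-alone as an added example that is not FFmpeg code and not part of this thread: a small MSB-first bit reader, a ue(v) Exp-Golomb decoder, and a parser that reads the two log2_sao_offset_scale_* elements from a constructed bitstream and rejects anything above Max(0, BitDepth - 10) for its component, which is the bound the patch enforces. The value 126 from the fuzzer report is encoded into one of the constructed inputs so the rejection path is exercised. All names (BitReader, read_ue, parse_sao_scales, SaoScales, sao_offset_val) are illustrative and do not correspond to FFmpeg's own API; the offset scaling is written as a multiply rather than a left shift so that a negative offset never goes through a shift.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Minimal MSB-first bit reader over a byte buffer (illustrative, not FFmpeg's GetBitContext). */
typedef struct {
    const uint8_t *buf;
    size_t size_bits;
    size_t pos;
} BitReader;

static int read_bit(BitReader *br)
{
    if (br->pos >= br->size_bits)
        return -1;                                   /* truncated stream */
    int bit = (br->buf[br->pos >> 3] >> (7 - (br->pos & 7))) & 1;
    br->pos++;
    return bit;
}

/* ue(v) Exp-Golomb: n leading zeros, a one, then n suffix bits; value = 2^n - 1 + suffix.
 * Returns -1 on truncation or when the code is longer than 32 bits can represent. */
static int64_t read_ue(BitReader *br)
{
    int n = 0, b;
    while ((b = read_bit(br)) == 0)
        if (++n > 31)
            return -1;
    if (b < 0)
        return -1;
    uint32_t suffix = 0;
    for (int i = 0; i < n; i++) {
        if ((b = read_bit(br)) < 0)
            return -1;
        suffix = (suffix << 1) | (uint32_t)b;
    }
    return ((int64_t)1 << n) - 1 + suffix;
}

typedef struct {
    int log2_sao_offset_scale_luma;
    int log2_sao_offset_scale_chroma;
} SaoScales;

/* Parse both scales and enforce 0 <= value <= Max(0, BitDepth - 10) per component,
 * the same bound the patch checks. The comparison is done on the 64-bit decoded
 * value before it is narrowed, so an oversized code cannot wrap negative and slip
 * past the check. Returns 0 on success, -1 on truncated or out-of-range data. */
static int parse_sao_scales(const uint8_t *buf, size_t size_bytes,
                            int bit_depth_luma, int bit_depth_chroma,
                            SaoScales *out)
{
    BitReader br = { buf, size_bytes * 8, 0 };
    int64_t luma   = read_ue(&br);
    int64_t chroma = read_ue(&br);
    if (luma < 0 || chroma < 0)
        return -1;
    int max_luma   = bit_depth_luma   - 10 > 0 ? bit_depth_luma   - 10 : 0;
    int max_chroma = bit_depth_chroma - 10 > 0 ? bit_depth_chroma - 10 : 0;
    if (luma > max_luma || chroma > max_chroma)
        return -1;
    out->log2_sao_offset_scale_luma   = (int)luma;
    out->log2_sao_offset_scale_chroma = (int)chroma;
    return 0;
}

/* SaoOffsetVal = offsetSign * sao_offset_abs << log2OffsetScale, written as a multiply
 * so a negative offset is never left-shifted. With the bound above the scale is at most
 * 6 (16-bit video), so 1 << log2_scale cannot overflow. */
static int sao_offset_val(int negative, int sao_offset_abs, int log2_scale)
{
    return (negative ? -sao_offset_abs : sao_offset_abs) * (1 << log2_scale);
}

/* Constructed inputs. ok12: ue(v) "011" = 2 then "010" = 1 -> 0110 1000 = 0x68.
 * bad: ue(v) "0000001111111" = 126 (the value from the fuzzer report) then "1" = 0 -> 0x03 0xFC. */
static const uint8_t ok12[] = { 0x68 };
static const uint8_t bad[]  = { 0x03, 0xFC };

int main(void)
{
    SaoScales s;
    printf("12-bit, scales 2/1  : %s\n", parse_sao_scales(ok12, 1, 12, 12, &s) == 0 ? "ok" : "rejected");
    printf(" 8-bit, scales 2/1  : %s\n", parse_sao_scales(ok12, 1,  8,  8, &s) == 0 ? "ok" : "rejected");
    printf("16-bit, scale 126/0 : %s\n", parse_sao_scales(bad,  2, 16, 16, &s) == 0 ? "ok" : "rejected");
    printf("offset -7 at scale 2: %d\n", sao_offset_val(1, 7, 2));
    return 0;
}
```

The same two bytes that decode to scales 2/1 are accepted for 12-bit video and rejected for 8-bit video, which is the point of deriving the limit from the SPS bit depth rather than hard-coding it.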