[FFmpeg-devel] [PATCH 1/2] avcodec/msmpeg4dec: Skip frame if its smaller than 1/8 of the minimal size
Michael Niedermayer
michael at niedermayer.cc
Thu Nov 29 03:32:04 EET 2018
On Wed, Nov 28, 2018 at 10:06:12AM +0100, Hendrik Leppkes wrote:
> On Wed, Nov 28, 2018 at 1:54 AM Michael Niedermayer
> <michael at niedermayer.cc> wrote:
> >
> > Fixes: Timeout
> > Fixes: 11318/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSMPEG4V1_fuzzer-5710884555456512
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> > libavcodec/msmpeg4dec.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/libavcodec/msmpeg4dec.c b/libavcodec/msmpeg4dec.c
> > index 457a37e745..d278540ec2 100644
> > --- a/libavcodec/msmpeg4dec.c
> > +++ b/libavcodec/msmpeg4dec.c
> > @@ -412,6 +412,9 @@ int ff_msmpeg4_decode_picture_header(MpegEncContext * s)
> > {
> > int code;
> >
> > + if (get_bits_left(&s->gb) * 8LL < (s->width+15)/16 * ((s->height+15)/16))
> > + return AVERROR_INVALIDDATA;
> > +
>
> Please add a comment so such lines why these magic values where
> choosen, and an explanation in the commit message that explains the
> proof that these are an absolute limit and no valid frame could ever
> be smaller would be appreciated.
ill post one with a more verbose description, ill update the 2nd
in line with what we agree on for the first
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
"Nothing to hide" only works if the folks in power share the values of
you and everyone you know entirely and always will -- Tom Scott
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20181129/e2001ca7/attachment.sig>
More information about the ffmpeg-devel
mailing list