[FFmpeg-devel] [PATCH 2/3] avcodec/wcmv: Copy/Init frame later

Michael Niedermayer michael at niedermayer.cc
Tue Feb 19 22:09:23 EET 2019


Speeds up error cases
Fixes: 13132/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WCMV_fuzzer-5664190616829952

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
 libavcodec/wcmv.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/libavcodec/wcmv.c b/libavcodec/wcmv.c
index ebd5ef66f4..f03761b343 100644
--- a/libavcodec/wcmv.c
+++ b/libavcodec/wcmv.c
@@ -60,16 +60,6 @@ static int decode_frame(AVCodecContext *avctx,
     if ((ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF)) < 0)
         return ret;
 
-    if (s->prev_frame->data[0]) {
-        ret = av_frame_copy(frame, s->prev_frame);
-        if (ret < 0)
-            return ret;
-    } else {
-        ptrdiff_t linesize[4] = { frame->linesize[0], 0, 0, 0 };
-        av_image_fill_black(frame->data, linesize, avctx->pix_fmt, 0,
-                            avctx->width, avctx->height);
-    }
-
     blocks = bytestream2_get_le16(&gb);
     if (blocks > 5) {
         GetByteContext bgb;
@@ -162,6 +152,16 @@ static int decode_frame(AVCodecContext *avctx,
         bytestream2_seek(&gb, 2, SEEK_SET);
     }
 
+    if (s->prev_frame->data[0]) {
+        ret = av_frame_copy(frame, s->prev_frame);
+        if (ret < 0)
+            return ret;
+    } else {
+        ptrdiff_t linesize[4] = { frame->linesize[0], 0, 0, 0 };
+        av_image_fill_black(frame->data, linesize, avctx->pix_fmt, 0,
+                            avctx->width, avctx->height);
+    }
+
     for (int block = 0; block < blocks; block++) {
         int x, y, w, h;
 
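Review bot: The else branch of the moved block (the `av_image_fill_black(...)` call) discards the return value, while the sibling `av_frame_copy()` path checks `ret`; since these lines are being touched anyway, both paths should fail the same way: `ret = av_image_fill_black(frame->data, linesize, avctx->pix_fmt, 0, avctx->width, avctx->height);` followed by `if (ret < 0) return ret;`. If the fill ever failed, the buffer from ff_get_buffer() would stay uninitialised and the block loop that follows would presumably decode on top of it, which is worth ruling out in a decoder that is fed fuzzed input. A one-line comment above the block, such as `/* Initialise the output only after the block headers were pre-scanned, so rejected packets skip the full-frame copy */`, would keep a later refactor from moving it back. That the skipped code can reject a packet is inferred from the commit message, because the middle of decode_frame lies outside both hunks. The ff_get_buffer() call shown as context in the first hunk still runs before that pre-scan, so error paths still pay for the allocation.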
-- 
2.20.1


