[FFmpeg-devel] [PATCH 4/4] avcodec/hqx: Check the input data against the image size

Lynne dev at lynne.ee
Sun Jul 21 01:36:48 EEST 2019


Jul 20, 2019, 11:08 PM by michael at niedermayer.cc:

> Fixes: Timeout (22 -> 7 sec)
> Fixes: 15173/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQX_fuzzer-5662556846292992
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
>  libavcodec/hqx.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/libavcodec/hqx.c b/libavcodec/hqx.c
> index bc24ba91d1..8639d77a41 100644
> --- a/libavcodec/hqx.c
> +++ b/libavcodec/hqx.c
> @@ -471,6 +471,10 @@ static int hqx_decode_frame(AVCodecContext *avctx, void *data,
>  avctx->height              = ctx->height;
>  avctx->bits_per_raw_sample = 10;
>  
> +    if (avctx->coded_width / 16 * (avctx->coded_height / 16) *
> +        (100 - avctx->discard_damaged_percentage) / 100 > 8LL * avpkt->size)
> +        return AVERROR_INVALIDDATA;
> + 
>
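Review bot: the rejection threshold in the added check is undocumented: it rejects the packet when the discount-adjusted count of 16x16 macroblocks exceeds `8LL * avpkt->size`, i.e. when the packet carries fewer than one bit per macroblock, but nothing in the hunk states why one bit per macroblock is the minimum a valid HQX frame needs, so a reviewer cannot tell whether legitimately small frames are rejected; add a comment deriving the bound from the macroblock coding. Also, the whole left-hand side is evaluated in int (only `8LL * avpkt->size` is widened), so consider writing the first factor as `(int64_t)(avctx->coded_width / 16) * (avctx->coded_height / 16)` or documenting why the product cannot overflow, and the added `+ ` line carries trailing whitespace.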

Not only are you ignoring my and others' opinions, not only do you still continue sending these awful patches,
you've just submitted by far the worst one I've ever seen, thinking it's okay.
Patches like these motivate developers to not even bother including test samples for new decoders, or even to write them. Myself included. Doing exactly the opposite of what this system's meant to help.
Sure, you sent this for review, but how can you even consider this utterly ridiculous hack for a problem that doesn't exist even worthy of review in the first place? Just what the fuck?

