[FFmpeg-devel] [PATCH 4/4] avcodec/hqx: Check the input data against the image size

Carl Eugen Hoyos ceffmpeg at gmail.com
Sun Jul 21 02:31:29 EEST 2019



> On 21.07.2019 at 00:36, Lynne <dev at lynne.ee> wrote:
> 
> Jul 20, 2019, 11:08 PM by michael at niedermayer.cc:
> 
>> Fixes: Timeout (22 -> 7 sec)
>> Fixes: 15173/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQX_fuzzer-5662556846292992
>> 
>> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
>> ---
>> libavcodec/hqx.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>> 
>> diff --git a/libavcodec/hqx.c b/libavcodec/hqx.c
>> index bc24ba91d1..8639d77a41 100644
>> --- a/libavcodec/hqx.c
>> +++ b/libavcodec/hqx.c
>> @@ -471,6 +471,10 @@ static int hqx_decode_frame(AVCodecContext *avctx, void *data,
>> avctx->height              = ctx->height;
>> avctx->bits_per_raw_sample = 10;
>> 
>> +    if (avctx->coded_width / 16 * (avctx->coded_height / 16) *
>> +        (100 - avctx->discard_damaged_percentage) / 100 > 8LL * avpkt->size)
>> +        return AVERROR_INVALIDDATA;
>> + 
>> 
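Review bot: The condition added at the end of this hunk has no comment stating the assumption behind it, namely that a frame must carry at least one bit of input (8LL * avpkt->size) per 16x16 block (coded_width / 16 * (coded_height / 16)), scaled down by discard_damaged_percentage; a short comment giving that bound and why it is a safe lower limit for HQX would let reviewers judge whether valid streams can be rejected. The left-hand side is also evaluated in int, because the 8LL only widens the right-hand side; making the first operand 64-bit would keep the multiplication by (100 - avctx->discard_damaged_percentage) from relying on dimension limits enforced elsewhere. The visible context sets avctx->height just above, so it is worth confirming that coded_width and coded_height already hold this frame's values when the check runs.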
> 
> Not only are you ignoring my and others' opinions, not only do you still continue sending these awful patches,
> you've just submitted by far the worst one I've ever seen, thinking it's okay.
> Patches like these motivate developers to not even bother including test samples for new decoders, or even write them. Myself included. Doing exactly the opposite of what this system's meant to help.
> Sure, you sent this for review, but how can you even consider this utterly ridiculous hack for a problem that doesn't exist even worthy for review in the first place? Just what the fuck?

Ad hominem attacks sadly do not count as reviews.

Carl Eugen

