[FFmpeg-devel] [PATCH 1/2] avcodec/scpr: Perform frame copy later

Michael Niedermayer michael at niedermayer.cc
Fri Mar 15 02:30:12 EET 2019


Optimization found while looking at 13442/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5758293933293568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
 libavcodec/scpr.c  | 8 ++++----
 libavcodec/scpr3.c | 4 ++++
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/libavcodec/scpr.c b/libavcodec/scpr.c
index 750cf59fe4..e5d7d13cf0 100644
--- a/libavcodec/scpr.c
+++ b/libavcodec/scpr.c
@@ -409,6 +409,10 @@ static int decompress_p(AVCodecContext *avctx,
         }
     }
 
+    ret = av_frame_copy(s->current_frame, s->last_frame);
+    if (ret < 0)
+        return ret;
+
     for (y = 0; y < s->nby; y++) {
         for (x = 0; x < s->nbx; x++) {
             int sy1 = 0, sy2 = 16, sx1 = 0, sx2 = 16;
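Review bot: The copy added here operates on `s->current_frame` and `s->last_frame`, while decode_frame hands this function its output buffer as an argument (`(uint32_t *)s->current_frame->data[0]` in the next hunk), so decompress_p now depends on that argument pointing into the frame it copies; the identical addition to decompress_p3 in scpr3.c has the same dependency. A comment above the copy would record this and the reason for the placement, for example `/* output pointer must be s->current_frame->data[0]; copy deferred, presumably so an early error return above skips the full-frame copy */`. With the copy deferred, an error return from the code above leaves current_frame without the previous frame's pixels. That looks harmless if decode_frame returns on `ret < 0` before using or swapping the frames, but that code is outside the hunks and worth confirming, since the commit message ties the change to a fuzzer test case. Both function bodies begin and end outside the hunks shown.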
@@ -549,10 +553,6 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
     } else if (type == 0 || type == 1) {
         frame->key_frame = 0;
 
-        ret = av_frame_copy(s->current_frame, s->last_frame);
-        if (ret < 0)
-            return ret;
-
         if (s->version == 1 || s->version == 2)
             ret = decompress_p(avctx, (uint32_t *)s->current_frame->data[0],
                                s->current_frame->linesize[0] / 4,
diff --git a/libavcodec/scpr3.c b/libavcodec/scpr3.c
index b59a8cc28f..f92ccfa902 100644
--- a/libavcodec/scpr3.c
+++ b/libavcodec/scpr3.c
@@ -1081,6 +1081,10 @@ static int decompress_p3(AVCodecContext *avctx,
         }
     }
 
+    ret = av_frame_copy(s->current_frame, s->last_frame);
+    if (ret < 0)
+        return ret;
+
     for (y = 0; y < s->nby; y++) {
         for (x = 0; x < s->nbx; x++) {
             int sy1 = 0, sy2 = 16, sx1 = 0, sx2 = 16;
-- 
2.21.0


