[FFmpeg-devel] [PATCH 1/4] avcodec/sonic: Check e in get_symbol()

Michael Niedermayer michael at niedermayer.cc
Sun Oct 27 10:49:08 EET 2019


On Tue, Oct 22, 2019 at 04:56:27PM +0200, Paul B Mahol wrote:
> This code is dead and nonfunctional and should be removed ASAP!

It's in several releases, which need this fix.
Even if it were removed from git master, they would still need the fix.


> 
> On 10/22/19, Michael Niedermayer <michael at niedermayer.cc> wrote:
> > Fixes: signed integer overflow: 1721520852 + 1721520852 cannot be
> > represented in type 'int'
> > Fixes:
> > 18346/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5709623893426176
> >
> > Found-by: continuous fuzzing process
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> >  libavcodec/sonic.c | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/libavcodec/sonic.c b/libavcodec/sonic.c
> > index 34d2952e69..b890d79c28 100644
> > --- a/libavcodec/sonic.c
> > +++ b/libavcodec/sonic.c
> > @@ -144,6 +144,8 @@ static inline av_flatten int get_symbol(RangeCoder *c,
> > uint8_t *state, int is_si
> >          e= 0;
> >          while(get_rac(c, state+1 + FFMIN(e,9))){ //1..10
> >              e++;
> > +            if (e > 31)
> > +                return AVERROR_INVALIDDATA;
> >          }
> >
> >          a= 1;
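Review bot: the bound `e > 31` added inside the `while(get_rac(...))` loop is not explained in the hunk or the commit message, and the error is signalled in band: get_symbol returns `int` and is used for decoded values (the commit message shows it reaching 1721520852 by repeated addition after `a= 1;`), so a negative `AVERROR_INVALIDDATA` from the loop is indistinguishable from a legitimately decoded negative symbol unless every caller tests for it explicitly; consider documenting the bound with a comment such as `/* e > 31 cannot fit the accumulated value in an int */` and verifying that each caller checks the return for AVERROR_INVALIDDATA, or returning the status out of band. If the value is built by doubling `a` once per unary step, as `1721520852 + 1721520852` suggests, then `e` at 31 still allows 31 doublings of a value starting at 1, which exceeds the positive range of a 32-bit `int`, so the tight limit may be 30 rather than 31.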
> > --
> > 2.23.0
> >
> > _______________________________________________
> > ffmpeg-devel mailing list
> > ffmpeg-devel at ffmpeg.org
> > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >
> > To unsubscribe, visit link above, or email
> > ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Rewriting code that is poorly written but fully understood is good.
Rewriting code that one doesn't understand is a sign that one is less smart
than the original author, trying to rewrite it will not make it better.
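The unbounded unary exponent this patch guards against, as an added, self-contained C example that is not FFmpeg's code: a plain MSB-first bit reader stands in for the range coder (an assumption; the real decoder reads adaptive-probability bits through get_rac), the value is rebuilt by doubling once per exponent step, and the decode status is returned separately from the value rather than through the value itself. It assumes a 32-bit int and EINVAL equal to 22 as on Linux; every input buffer is constructed for the example.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical MSB-first bit reader standing in for the range coder. Reads past
 * the end of the buffer return 0, which terminates a unary run. */
typedef struct { const uint8_t *buf; size_t nbits; size_t pos; } BitReader;

static int get_bit(BitReader *r)
{
    if (r->pos >= r->nbits)
        return 0;
    int bit = (r->buf[r->pos >> 3] >> (7 - (r->pos & 7))) & 1;
    r->pos++;
    return bit;
}

/* With e mantissa bits the value lies in [2^e, 2^(e+1) - 1], so e = 30 is the
 * largest exponent whose value still fits in a non-negative 32-bit int. */
#define MAX_EXP 30

/* Unary exponent e, then e mantissa bits accumulated by doubling, then an
 * optional sign bit. The status is returned out of band so that a negative
 * decoded symbol can never be mistaken for an error code. */
static int get_symbol_checked(BitReader *r, int is_signed, int *out)
{
    int e = 0;
    while (get_bit(r)) {
        e++;
        if (e > MAX_EXP)            /* untrusted input must not drive 2*a past INT_MAX */
            return -EINVAL;
    }
    int a = 1;
    for (int i = e - 1; i >= 0; i--)
        a = 2 * a + get_bit(r);     /* a < 2^e before the last step, so 2*a + 1 <= INT_MAX */
    *out = (is_signed && get_bit(r)) ? -a : a;
    return 0;
}

static int decode_bytes(const uint8_t *buf, size_t len, int is_signed, int *out)
{
    BitReader r = { buf, len * 8, 0 };
    return get_symbol_checked(&r, is_signed, out);
}

/* Constructed inputs, MSB first. */
static const uint8_t SMALL[]    = { 0xC8 };                    /* 11 0 01 -> 5 */
static const uint8_t TOO_LONG[] = { 0xFF, 0xFF, 0xFF, 0xFE };  /* 31 leading ones: rejected */
static const uint8_t MAX_VAL[]  = { 0xFF, 0xFF, 0xFF, 0xFD,    /* 30 ones, 0, then 30 one-bits */
                                    0xFF, 0xFF, 0xFF, 0xF8 };  /* of mantissa -> INT_MAX */
static const uint8_t NEG22[]    = { 0xF3, 0x40 };              /* 1111 0 0110 1 -> -22 signed */

/* Each demo returns one value a test can check directly. */
static int demo_small(void)           { int v = 0; decode_bytes(SMALL, sizeof SMALL, 0, &v); return v; }
static int demo_status_too_long(void) { int v = 0; return decode_bytes(TOO_LONG, sizeof TOO_LONG, 0, &v); }
static int demo_value_max(void)       { int v = 0; decode_bytes(MAX_VAL, sizeof MAX_VAL, 0, &v); return v; }
static int demo_status_neg22(void)    { int v = 0; return decode_bytes(NEG22, sizeof NEG22, 1, &v); }
static int demo_value_neg22(void)     { int v = 0; decode_bytes(NEG22, sizeof NEG22, 1, &v); return v; }

int main(void)
{
    printf("small: %d\n", demo_small());
    printf("31 leading ones: status %d (-EINVAL is %d)\n", demo_status_too_long(), -EINVAL);
    printf("e=30, all-ones mantissa: %d (INT_MAX is %d)\n", demo_value_max(), INT_MAX);
    printf("signed symbol: status %d, value %d\n", demo_status_neg22(), demo_value_neg22());
    return 0;
}
```

The decoded symbol -22 and the error code -EINVAL are the same integer on Linux, which is exactly why the status travels in a separate return here: a decoder that returns an errno-style negative through the same `int` it uses for signed symbols cannot let its callers tell the two apart. The exponent limit of 30 is derived from the doubling loop, not chosen as a round number; any implementation that rebuilds the value differently has to re-derive its own bound.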