[FFmpeg-devel] [PATCH 1/4] avcodec/vp9_superframe_split_bsf: Check in size

James Almer jamrial at gmail.com
Mon Mar 14 16:07:38 EET 2022



On 3/14/2022 11:04 AM, Michael Niedermayer wrote:
> On Sun, Mar 13, 2022 at 04:03:42PM -0300, James Almer wrote:
>>
>>
>> On 3/12/2022 8:52 PM, Michael Niedermayer wrote:
>>> Fixes: Out of array read
>>> Fixes: 45137/clusterfuzz-testcase-minimized-ffmpeg_BSF_VP9_SUPERFRAME_SPLIT_fuzzer-4984270639202304
>>>
>>> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>>> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
>>> ---
>>>    libavcodec/vp9_superframe_split_bsf.c | 5 +++++
>>>    1 file changed, 5 insertions(+)
>>>
>>> diff --git a/libavcodec/vp9_superframe_split_bsf.c b/libavcodec/vp9_superframe_split_bsf.c
>>> index ed0444561a..6af555c078 100644
>>> --- a/libavcodec/vp9_superframe_split_bsf.c
>>> +++ b/libavcodec/vp9_superframe_split_bsf.c
>>> @@ -51,6 +51,11 @@ static int vp9_superframe_split_filter(AVBSFContext *ctx, AVPacket *out)
>>>                return ret;
>>>            in = s->buffer_pkt;
>>> +        if (in->size == 0) {
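
Review bot: The new "if (in->size == 0) {" check, placed right after "in = s->buffer_pkt;", carries no comment saying which later access it protects, and the commit message gives only "Out of array read" plus the fuzzer case id. A one-line comment above the check, or a sentence in the commit message naming the read that goes out of bounds on an empty packet, would let a reader confirm that the guard sits before every use of the packet data. The body of the branch is cut from this quoted excerpt, so the value it returns cannot be checked here.
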
>>
>> !in->size
> 
> I favor checking "== 0" when it's about the value 0 and !X when it's about
> something being not set / not allocated.
> but I can change it if you prefer
> 
> thx

I suggested it for the sake of consistency. Most AVPacket.size checks
use !X to check for 0.

