This is an automated email from the git hooks/post-receive script.

Git pushed a commit to branch master
in repository ffmpeg.

The following commit(s) were added to refs/heads/master by this push:
     new 369a50fe75 tools/target_dec_fuzzer: Bound cumulative get_buffer 
allocation
369a50fe75 is described below

commit 369a50fe75ffc1f3f37b742c7cfd1c52f885194c
Author:     Michael Niedermayer <[email protected]>
AuthorDate: Fri Jun 5 00:56:08 2026 +0200
Commit:     michaelni <[email protected]>
CommitDate: Fri Jun 12 01:56:23 2026 +0000

    tools/target_dec_fuzzer: Bound cumulative get_buffer allocation
    
    Fixes: Timeout
    Fixes: 
509366072/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-4588961581563904
    Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <[email protected]>
---
 tools/target_dec_fuzzer.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 6f19e9210a..284b76d727 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -105,6 +105,9 @@ const uint32_t maxiteration = 8096;
 
 static const uint64_t FUZZ_TAG = 0x4741542D5A5A5546ULL;
 
+static uint64_t alloc_pixels;
+static uint64_t max_alloc_pixels;
+
 static int fuzz_video_get_buffer(AVCodecContext *ctx, AVFrame *frame)
 {
     ptrdiff_t linesize1[4];
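Review bot: The two new file-scope counters `alloc_pixels` and `max_alloc_pixels` have no comment stating their unit or lifetime. A comment such as `/* aligned pixels requested through get_buffer for the current input; reset in LLVMFuzzerTestOneInput */` on the first and `/* per-input budget, set from maxpixels */` on the second would show that the state is per test case. That matters because the fuzzer entry point is called repeatedly in one process, so a stale counter would make results depend on input order. The body of fuzz_video_get_buffer continues outside this hunk.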
@@ -113,6 +116,11 @@ static int fuzz_video_get_buffer(AVCodecContext *ctx, 
AVFrame *frame)
     int i, ret, w = frame->width, h = frame->height;
 
     avcodec_align_dimensions2(ctx, &w, &h, linesize_align);
+
+    alloc_pixels += (uint64_t)w * h;
+    if (alloc_pixels > max_alloc_pixels)
+        return AVERROR(ENOMEM);
+
     ret = av_image_fill_linesizes(frame->linesize, ctx->pix_fmt, w);
     if (ret < 0)
         return ret;
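Review bot: The counter updated before `av_image_fill_linesizes()` only grows during an input, so it caps the total pixels requested across all get_buffer calls rather than the memory live at any moment, and the code does not say so. A comment above `alloc_pixels += (uint64_t)w * h;` such as `/* cumulative over the whole input, never decremented on free: bounds total allocation work, not live memory */` would stop a later reader from "correcting" it by subtracting on release. The update is also a plain read-modify-write on a file-scope static. If this callback can be invoked from decoder worker threads, which this hunk does not show, it would need an atomic or a lock. The function starts and ends outside the hunk.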
@@ -356,6 +364,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t 
size) {
     maxsamples_per_frame = FFMIN(maxsamples_per_frame, maxsamples);
     maxpixels_per_frame  = FFMIN(maxpixels_per_frame , maxpixels);
 
+    alloc_pixels     = 0;
+    max_alloc_pixels = maxpixels;
+
     AVCodecContext* ctx = avcodec_alloc_context3(&c->p);
     AVCodecContext* parser_avctx = avcodec_alloc_context3(NULL);
     if (!ctx || !parser_avctx)
