Quoting Michael Niedermayer (2021-01-23 23:34:19) > On Sat, Jan 23, 2021 at 03:29:38PM +0100, Anton Khirnov wrote: > > Quoting Michael Niedermayer (2021-01-22 15:09:47) > > > Fixes: Timeout (too long -> 241ms) > > > Fixes: > > > 29083/clusterfuzz-testcase-minimized-ffmpeg_dem_SWF_fuzzer-6273684478230528 > > > > > > Found-by: continuous fuzzing process > > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > > > --- > > > libavformat/swfdec.c | 3 +++ > > > 1 file changed, 3 insertions(+) > > > > > > diff --git a/libavformat/swfdec.c b/libavformat/swfdec.c > > > index 1463f0ad4d..aa4be88f91 100644 > > > --- a/libavformat/swfdec.c > > > +++ b/libavformat/swfdec.c > > > @@ -367,6 +367,9 @@ static int swf_read_packet(AVFormatContext *s, > > > AVPacket *pkt) > > > ff_dlog(s, "bitmap: ch=%d fmt=%d %dx%d (linesize=%d) > > > len=%d->%ld pal=%d\n", > > > ch_id, bmp_fmt, width, height, linesize, len, > > > out_len, colormapsize); > > > > > > + if (len * 17373LL < out_len) > > > > Where does the magic number come from? > > A very quick simulation of the best case compression for "compress" > below is not nice written code as i did not expect I or anyone else > would ever see it again > > I would have preferred some nicer expression or course, but thats > what it seems to be asymptotically. For smaller amounts of data a > tighter bound is possible but i saw no nice way to consider that > and it seems also overkill to try to do it more fine grained for > just this > > main(){ > int64_t bits = 0; > int bank = 256; > int bitbank = 8; > for(unsigned i = 0; i<1024*1024*1024*4U-100000;) { > int word_size = bank-255; > i += word_size; > bits += bitbank; > > if (!(bank & (bank-1))) > bitbank ++; > bank++; > if (bitbank > 16) { > printf("BEST %f \n", 8.0 * i / bits ); > bank = 256; > bitbank = 8; > } > } > } > > above assumes i remembered correctly how the algorithm works but the > value was close to what actual compession of zeros gave
People who read this code in the future will be interested in all this. So the content of your reply should be added to the commit message and/or the code itself. -- Anton Khirnov _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
