PR #23402 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23402 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23402.patch
Fixes: Timeout
Fixes: 509366072/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-4588961581563904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <[email protected]>
>From 1a642441fb1e3c94d3036b35635c3fddeed9b33e Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <[email protected]>
Date: Fri, 5 Jun 2026 00:56:08 +0200
Subject: [PATCH] tools/target_dec_fuzzer: Bound cumulative get_buffer allocation
Fixes: Timeout
Fixes: 509366072/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-4588961581563904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <[email protected]>
---
 tools/target_dec_fuzzer.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 723f7996d7..9f6df59f02 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -105,6 +105,9 @@ const uint32_t maxiteration = 8096;
 
 static const uint64_t FUZZ_TAG = 0x4741542D5A5A5546ULL;
 
+static uint64_t alloc_pixels;
+static uint64_t max_alloc_pixels;
+
 static int fuzz_video_get_buffer(AVCodecContext *ctx, AVFrame *frame)
 {
     ptrdiff_t linesize1[4];
@@ -113,6 +116,11 @@ static int fuzz_video_get_buffer(AVCodecContext *ctx, AVFrame *frame)
     int i, ret, w = frame->width, h = frame->height;
 
     avcodec_align_dimensions2(ctx, &w, &h, linesize_align);
+
+    alloc_pixels += (uint64_t)w * h;
+    if (alloc_pixels > max_alloc_pixels)
+        return AVERROR(ENOMEM);
+
     ret = av_image_fill_linesizes(frame->linesize, ctx->pix_fmt, w);
     if (ret < 0)
         return ret;
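Review bot: The budget check in fuzz_video_get_buffer charges `(uint64_t)w * h` to `alloc_pixels` before deciding, so the request that trips the limit is still counted and every later get_buffer call on this input fails as well; that is a reasonable harness bound against the reported timeout, but nothing says so, and the two new statics in the first hunk are equally undocumented. I would put above them `/* Cumulative pixel budget for one fuzz input: charged in fuzz_video_get_buffer, never refunded when a frame is released, reset in LLVMFuzzerTestOneInput. */` so a reader does not mistake `alloc_pixels` for a live-allocation counter. The product also relies on `w` and `h` being non-negative after avcodec_align_dimensions2(); a negative `h` would convert to a huge uint64_t and spend the whole budget on the first call, which is harmless here but worth a word in that comment if the caller does not guarantee validated dimensions. fuzz_video_get_buffer continues past the end of this hunk.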
@@ -355,6 +363,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     maxsamples_per_frame = FFMIN(maxsamples_per_frame, maxsamples);
     maxpixels_per_frame = FFMIN(maxpixels_per_frame , maxpixels);
+    alloc_pixels = 0;
+    max_alloc_pixels = maxpixels;
+
     AVCodecContext* ctx = avcodec_alloc_context3(&c->p);
     AVCodecContext* parser_avctx = avcodec_alloc_context3(NULL);
     if (!ctx || !parser_avctx)
-- 
2.52.0
_______________________________________________
ffmpeg-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
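Review bot: `max_alloc_pixels = maxpixels;` takes a snapshot of the per-input pixel cap, so any later adjustment of `maxpixels` inside LLVMFuzzerTestOneInput (outside this hunk, if one exists) would not reach the get_buffer bound. If there is none, a one-line comment such as `/* whole-input budget for fuzz_video_get_buffer; keep after the final maxpixels adjustment */` pins that ordering against a future reorder. Resetting `alloc_pixels` here is needed because the statics persist across fuzz iterations in the same process. LLVMFuzzerTestOneInput continues beyond this hunk.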
