On Tue, Aug 07, 2018 at 01:05:51AM +0800, Ronald S. Bultje wrote: > Hi, > > On Sun, Aug 5, 2018, 9:17 AM Michael Niedermayer <mich...@niedermayer.cc> > wrote: > > > Fixes: Timeout > > Fixes: > > 9330/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5707345857347584 > > > > Found-by: continuous fuzzing process > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by > > <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>: > > Michael Niedermayer <mich...@niedermayer.cc> > > --- > > libavcodec/vp9.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/libavcodec/vp9.c b/libavcodec/vp9.c > > index b1178c9c0c..4ca51ec108 100644 > > --- a/libavcodec/vp9.c > > +++ b/libavcodec/vp9.c > > @@ -1302,6 +1302,9 @@ static int decode_tiles(AVCodecContext *avctx, > > memset(lflvl_ptr->mask, 0, > > sizeof(lflvl_ptr->mask)); > > } > > > > + if (td->c->end <= td->c->buffer && td->c->bits >= 0) { > > + return AVERROR_INVALIDDATA; > > + } > > if (s->pass == 2) { > > decode_sb_mem(td, row, col, lflvl_ptr, > > yoff2, uvoff2, BL_64X64); > > > > I don't think this matches spec. Implementations could use this to store > auxiliary data.
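Review bot: the added `if (td->c->end <= td->c->buffer && td->c->bits >= 0)` in decode_tiles() has no comment or log message saying what the condition means, and the reply quoted above read it as rejecting extra data rather than detecting a premature end of input. A one-line comment above the check, for example `/* premature end of input */`, would make the intent explicit. The commit message should also say why `td->c->bits >= 0` is part of the test, since "Fixes: Timeout" does not explain it. The early `return AVERROR_INVALIDDATA` sits inside the per-tile decode loop, so please confirm that nothing set up earlier in decode_tiles() needs to be unwound on this path.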
This checks, or rather is intended to check, for a premature end of the input. Am I missing something? Because a premature end of input seems not to lead to more (auxiliary or other) data in the input.

Of course in principle an encoder could use this and truncate the stream if the result still matches. Is this allowed in the spec?

Also I think this if() would be clearer with an error message or some comment; for example, it would have been clear that this is about an end of input and not unknown additional input. But I omitted the message as you didn't like error messages in similar cases.

Thanks

[...]

--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

In a rich man's house there is no place to spit but his face.
-- Diogenes of Sinope
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel