On Wed, Nov 28, 2018 at 10:06:12AM +0100, Hendrik Leppkes wrote:
> On Wed, Nov 28, 2018 at 1:54 AM Michael Niedermayer
> <mich...@niedermayer.cc> wrote:
> >
> > Fixes: Timeout
> > Fixes:
> > 11318/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSMPEG4V1_fuzzer-5710884555456512
> >
> > Found-by: continuous fuzzing process
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> > ---
> >  libavcodec/msmpeg4dec.c | 3 +++
> >  1 file changed, 3 insertions(+)
> >
> > diff --git a/libavcodec/msmpeg4dec.c b/libavcodec/msmpeg4dec.c
> > index 457a37e745..d278540ec2 100644
> > --- a/libavcodec/msmpeg4dec.c
> > +++ b/libavcodec/msmpeg4dec.c
> > @@ -412,6 +412,9 @@ int ff_msmpeg4_decode_picture_header(MpegEncContext * s)
> >  {
> >      int code;
> >
> > +    if (get_bits_left(&s->gb) * 8LL < (s->width+15)/16 *
> > ((s->height+15)/16))
> > +        return AVERROR_INVALIDDATA;
> > +
>
> Please add a comment to such lines why these magic values were
> chosen, and an explanation in the commit message that explains the
> proof that these are an absolute limit and no valid frame could ever
> be smaller would be appreciated.
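Review bot: The added check in ff_msmpeg4_decode_picture_header rejects a frame when `get_bits_left(&s->gb) * 8LL` is smaller than the macroblock count `(s->width+15)/16 * ((s->height+15)/16)`, i.e. when fewer than one bit per eight macroblocks remains, but neither the hunk nor the commit message states why that is a lower bound no valid MSMPEG4 frame can fall under. Since the early return turns such input into AVERROR_INVALIDDATA instead of a decode attempt, a wrong bound silently rejects valid streams, so please put the derivation of the `8LL` factor in a comment above the `if` and in the commit message, and state that the only effect on conforming input is none. The commit message currently says only "Fixes: Timeout"; naming the mechanism (the decoder looping over all macroblocks of a frame whose bitstream is far too short to carry them) would make the rationale reviewable.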
I'll post one with a more verbose description; I'll update the 2nd in line with what we agree on for the first.

Thx

[...]

--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

"Nothing to hide" only works if the folks in power share the values of you and everyone you know entirely and always will -- Tom Scott
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel