Re: [FFmpeg-devel] [PATCH] libavcodec/pnm_parser: do not loose skipped parts in reporting of how much was consumed

2018-09-11 Thread Michael Niedermayer
On Tue, Sep 04, 2018 at 03:40:43PM +0200, Moritz Barsnick wrote:
> On Tue, Sep 04, 2018 at 02:29:51 +0200, Michael Niedermayer wrote:
> > Subject: [PATCH] libavcodec/pnm_parser: do not loose skipped parts in 
> > reporting of how much was consumed
> Nit: ^ lose

will apply with this fixed

thx

[...]
-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Everything should be made as simple as possible, but not simpler.
-- Albert Einstein


___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel


Re: [FFmpeg-devel] [PATCH] libavcodec/pnm_parser: do not loose skipped parts in reporting of how much was consumed

2018-09-04 Thread Moritz Barsnick
On Tue, Sep 04, 2018 at 02:29:51 +0200, Michael Niedermayer wrote:
> Subject: [PATCH] libavcodec/pnm_parser: do not loose skipped parts in 
> reporting of how much was consumed
Nit: ^ lose


[FFmpeg-devel] [PATCH] libavcodec/pnm_parser: do not loose skipped parts in reporting of how much was consumed

2018-09-03 Thread Michael Niedermayer
Fixes: Timeout
Fixes: 9759/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PPM_fuzzer-5655277650051072
Fixes: 9753/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-5764378543521792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
---
 libavcodec/pnm_parser.c | 13 +++--
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/libavcodec/pnm_parser.c b/libavcodec/pnm_parser.c
index 4bcd0ddd5d..9bf1fdcece 100644
--- a/libavcodec/pnm_parser.c
+++ b/libavcodec/pnm_parser.c
@@ -32,6 +32,7 @@ static int pnm_parse(AVCodecParserContext *s, AVCodecContext 
*avctx,
 ParseContext *pc = s->priv_data;
 PNMContext pnmctx;
 int next;
+int skip = 0;
 
 for (; pc->overread > 0; pc->overread--) {
 pc->buffer[pc->index++]= pc->buffer[pc->overread_index++];
@@ -43,8 +44,8 @@ retry:
 pnmctx.bytestream_end   = pc->buffer + pc->index;
 } else {
 pnmctx.bytestream_start =
-pnmctx.bytestream   = (uint8_t *) buf; /* casts avoid warnings */
-pnmctx.bytestream_end   = (uint8_t *) buf + buf_size;
+pnmctx.bytestream   = (uint8_t *) buf + skip; /* casts avoid 
warnings */
+pnmctx.bytestream_end   = (uint8_t *) buf + buf_size - skip;
 }
 if (ff_pnm_decode_header(avctx, ) < 0) {
 if (pnmctx.bytestream < pnmctx.bytestream_end) {
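Review bot: `pnmctx.bytestream_end = (uint8_t *) buf + buf_size - skip;` moves the end of the window inwards by `skip`, whereas the removed `buf += step; buf_size -= step;` pair in the next hunk left `buf + buf_size` pointing at the same end of the input. Since `buf` and `buf_size` are no longer modified and the start already advances by `skip`, subtracting `skip` from the end as well shrinks the scanned range by `2 * skip` and can put `bytestream_end` before `bytestream` once `skip` exceeds half of `buf_size`. If the intent is to keep the previous end of buffer, this should read `(uint8_t *) buf + buf_size`.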
@@ -52,8 +53,8 @@ retry:
 pc->index = 0;
 } else {
 unsigned step = FFMAX(1, pnmctx.bytestream - 
pnmctx.bytestream_start);
-buf  += step;
-buf_size -= step;
+
+skip += step;
 }
 goto retry;
 }
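Review bot: `skip += step;` adds an `unsigned` `step` to `skip`, which the first hunk declares as `int`; giving both the same type would avoid the mixed-sign arithmetic here and in the later `buf + skip` expressions. The empty `+` line added above `skip += step;` can also be dropped.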
@@ -61,9 +62,9 @@ retry:
 } else if (pnmctx.type < 4) {
 next = END_NOT_FOUND;
 } else {
-next = pnmctx.bytestream - pnmctx.bytestream_start
+next = pnmctx.bytestream - pnmctx.bytestream_start + skip
+ av_image_get_buffer_size(avctx->pix_fmt, avctx->width, 
avctx->height, 1);
-if (pnmctx.bytestream_start != buf)
+if (pnmctx.bytestream_start != buf + skip)
 next -= pc->index;
 if (next > buf_size)
 next = END_NOT_FOUND;
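Review bot: in `next = pnmctx.bytestream - pnmctx.bytestream_start + skip`, `next` is now an offset from the caller's original `buf` rather than from the advanced pointer, which is what keeps the unchanged `if (next > buf_size)` comparison meaningful; a one-line comment saying so would help the next reader. While this line is being touched, the result of `av_image_get_buffer_size()` is still added without a check for a negative error return, and the three-term sum is computed in `int`, so a check before the addition would be worth adding.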
-- 
2.18.0
