Re: [FFmpeg-devel] [PATCH] avcodec/smc: Check input packet size

2018-02-23 Thread Michael Niedermayer 
On Fri, Feb 23, 2018 at 05:15:20AM +0100, Michael Niedermayer wrote:
> Fixes: Timeout
> Fixes: 
> 6261/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMC_fuzzer-5811309653262336
> 
> Found-by: continuous fuzzing process 
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer 
> ---
>  libavcodec/smc.c | 4 
>  1 file changed, 4 insertions(+)

will apply

[...]

-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Breaking DRM is a little like attempting to break through a door even
though the window is wide open and the only thing in the house is a bunch
of things you dont want and which you would get tomorrow for free anyway


signature.asc
Description: PGP signature
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

[FFmpeg-devel] [PATCH] avcodec/smc: Check input packet size

2018-02-22 Thread Michael Niedermayer 
Fixes: Timeout
Fixes: 
6261/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMC_fuzzer-5811309653262336

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
---
 libavcodec/smc.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/smc.c b/libavcodec/smc.c
index 79f9a757a0..3cb4834737 100644
--- a/libavcodec/smc.c
+++ b/libavcodec/smc.c
@@ -438,6 +438,10 @@ static int smc_decode_frame(AVCodecContext *avctx,
 int pal_size;
 const uint8_t *pal = av_packet_get_side_data(avpkt, AV_PKT_DATA_PALETTE, 
_size);
 int ret;
+int total_blocks = ((s->avctx->width + 3) / 4) * ((s->avctx->height + 3) / 
4);
+
+if (total_blocks / 1024 > avpkt->size)
+return AVERROR_INVALIDDATA;
 
 bytestream2_init(>gb, buf, buf_size);
 
-- 
2.16.2

___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel