Nov 21, 2020, 18:24 by mich...@niedermayer.cc: > Fixes: Timeout (49sec -> 9sec) > Fixes: > 27427/clusterfuzz-testcase-minimized-ffmpeg_dem_FFMETADATA_fuzzer-5140589838073856 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > --- > libavformat/utils.c | 43 +++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 43 insertions(+) > > diff --git a/libavformat/utils.c b/libavformat/utils.c > index 503e583ad0..9fac3fc2aa 100644 > --- a/libavformat/utils.c > +++ b/libavformat/utils.c > @@ -3191,15 +3191,58 @@ enum AVCodecID av_codec_get_id(const AVCodecTag > *const *tags, unsigned int tag) > return AV_CODEC_ID_NONE; > } > > +static int chapter_start_cmp(const void *p1, const void *p2) > +{ > + AVChapter *ch1 = *(AVChapter**)p1; > + AVChapter *ch2 = *(AVChapter**)p2; > + int delta = av_compare_ts(ch1->start, ch1->time_base, ch2->start, > ch2->time_base); > + if (delta) > + return delta; > + return (ch1 > ch2) - (ch1 < ch2); > +} > + > static void compute_chapters_end(AVFormatContext *s) > { > unsigned int i, j; > int64_t max_time = 0; > + int computations = 0; > > if (s->duration > 0 && s->start_time < INT64_MAX - s->duration) > max_time = s->duration + > ((s->start_time == AV_NOPTS_VALUE) ? 0 : s->start_time); > > + for (i = 0; i < s->nb_chapters; i++) > + if (s->chapters[i]->end == AV_NOPTS_VALUE) > + computations ++; > + > + if (computations > 5) { > + AVChapter **timetable = av_malloc(s->nb_chapters * > sizeof(*timetable)); > + if (timetable) { >
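Review bot: the `av_malloc(s->nb_chapters * sizeof(*timetable))` call in compute_chapters_end() multiplies the chapter count by the element size with no overflow check, so where size_t is 32 bits a large nb_chapters can wrap and yield an undersized table; `av_malloc_array(s->nb_chapters, sizeof(*timetable))` performs that check. In chapter_start_cmp() the tie-break `(ch1 > ch2) - (ch1 < ch2)` orders chapters with equal start by heap address, which varies between runs, and the casts `*(AVChapter**)p1` drop the const qualifier of p1 and p2. The `computations > 5` threshold would also benefit from a comment saying why 5 was chosen.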
It's a void function, but shouldn't you change it to make it return AVERROR(ENOMEM) and then handle that in the caller? No memory is pretty catastrophic.