On Tue, Nov 10, 2020 at 05:17:40PM +0100, Michael Niedermayer wrote:
> On Tue, Nov 10, 2020 at 01:46:10AM +0100, Andreas Rheinhardt wrote:
> > Michael Niedermayer:
> > > Fixes: Timeout (>20sec -> 56ms)
> > > Fixes: 26995/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CRI_fuzzer-5107217080254464
> > > 
> > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> > > ---
> > >  libavcodec/cri.c | 11 +++++++----
> > >  1 file changed, 7 insertions(+), 4 deletions(-)
> > > 
> > > diff --git a/libavcodec/cri.c b/libavcodec/cri.c
> > > index dafbc1f1be..9bcd2ebfc6 100644
> > > --- a/libavcodec/cri.c
> > > +++ b/libavcodec/cri.c
> > > @@ -80,10 +80,13 @@ static void unpack_10bit(GetByteContext *gb, uint16_t 
> > > *dst, int shift,
> > >      int pos = 0;
> > >  
> > >      while (count > 0) {
> > > -        uint32_t a0 = bytestream2_get_le32(gb);
> > > -        uint32_t a1 = bytestream2_get_le32(gb);
> > > -        uint32_t a2 = bytestream2_get_le32(gb);
> > > -        uint32_t a3 = bytestream2_get_le32(gb);
> > > +        uint32_t a0, a1,a2,a3;
> > > +        if (bytestream2_get_bytes_left(gb) < 4)
> > > +            break;
> > > +        a0 = bytestream2_get_le32(gb);
> > > +        a1 = bytestream2_get_le32(gb);
> > > +        a2 = bytestream2_get_le32(gb);
> > > +        a3 = bytestream2_get_le32(gb);
> > >          dst[pos] = (((a0 >> 1) & 0xE00) | (a0 & 0x1FF)) << shift;
> > >          pos++;
> > >          if (pos >= w) {
> > > 
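Review bot: The guard at the top of the loop tests `bytestream2_get_bytes_left(gb) < 4`, but the same iteration then reads a0 through a3, which is 16 bytes, so with 4 to 15 bytes left the later reads still run on exhausted input. If the early exit paths inside the loop (as at `if (pos >= w) {`) are the reason for checking only the first word, say so in a comment above the check; otherwise test for 16 bytes so that all four reads of an iteration are covered by one check. Two smaller points: `unpack_10bit` returns void, so the new `break` leaves the remainder of `dst` unwritten without the caller being able to tell truncated input from a complete frame, and the declaration `uint32_t a0, a1,a2,a3;` is missing spaces after the commas.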
> > Wouldn't it make sense to check for 16 bytes to be left given that
> > that's the amount that is read immediately afterwards? And if you check
> > for this, you could just use bytestream2_get_le32u().
> 
> The code can break out before using all 4, so I felt it was more
> cautious to check only for the first.

will apply

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Take away the freedom of one citizen and you will be jailed, take away
the freedom of all citizens and you will be congratulated by your peers
in Parliament.


_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
