Try this attached patch. I have not looked at all samples, as some allocate
too much memory for my system.
But this patch points to where the real bugs are, unlike your patch, which hides
the real bugs even further.
From fc4abcc0d0058ea8a7cd79ce26bfbcbed4cf5329 Mon Sep 17 00:00:00 2001
From: Paul B Mahol <one...@gmail.com>
Date: Thu, 1 Apr 2021 21:17:17 +0200
Subject: [PATCH] avcodec/cfhd: fix some crashes caused by excessive fuzzing

Signed-off-by: Paul B Mahol <one...@gmail.com>
---
 libavcodec/cfhd.c | 7 ++++++-
 libavcodec/cfhd.h | 1 +
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/libavcodec/cfhd.c b/libavcodec/cfhd.c
index 1f2ee853c1..e126eb6ac7 100644
--- a/libavcodec/cfhd.c
+++ b/libavcodec/cfhd.c
@@ -45,6 +45,7 @@ static av_cold int cfhd_init(AVCodecContext *avctx)
     CFHDContext *s = avctx->priv_data;
 
     s->avctx                   = avctx;
+    s->prev_transform_type     = -1;
 
     for (int i = 0; i < 64; i++) {
         int val = i;
@@ -100,6 +101,7 @@ static void init_frame_defaults(CFHDContext *s)
     s->difference_coding = 0;
     s->frame_type        = 0;
     s->sample_type       = 0;
+    s->prev_transform_type = s->transform_type;
     if (s->transform_type != 2)
         s->transform_type = -1;
     init_plane_defaults(s);
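Review bot: The new assignment `s->prev_transform_type = s->transform_type;` must stay ahead of the `transform_type != 2` reset two lines below, and nothing in the code says so; a one-line comment would protect that ordering, e.g. `/* Remember the previous frame's transform type before it is reset so cfhd_decode can detect a change and reallocate buffers. */`. Note also that a non-type-2 stream resets transform_type to -1 here, so a frame that carries no transform-type tag will compare -1 against the previous value in cfhd_decode and force a free/alloc cycle even though nothing changed; whether that is acceptable depends on how the rest of init_frame_defaults and the tag parser (both outside this hunk) handle the -1 sentinel. init_frame_defaults continues past the hunk.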
@@ -244,6 +246,7 @@ static int alloc_buffers(AVCodecContext *avctx)
 
     if ((ret = ff_set_dimensions(avctx, s->coded_width, s->coded_height)) < 0)
         return ret;
+    avctx->coded_width = FFALIGN(s->coded_width, 64) + 256;
     avctx->pix_fmt = s->coded_format;
 
     ff_cfhddsp_init(&s->dsp, s->bpc, avctx->pix_fmt == AV_PIX_FMT_BAYER_RGGB16);
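Review bot: The added `avctx->coded_width = FFALIGN(s->coded_width, 64) + 256;` overrides the value ff_set_dimensions() just validated and stored, with no comment on why 64-alignment plus 256 columns of padding is needed, and the same expression is repeated verbatim in cfhd_decode further down this patch. Give the constant a name so the two copies cannot drift, e.g. `#define CFHD_CODED_WIDTH_PADDED(w) (FFALIGN((w), 64) + 256) /* slack for the wavelet passes */` and `avctx->coded_width = CFHD_CODED_WIDTH_PADDED(s->coded_width);`, with the real reason in the comment. Because the padded width is written after the size check rather than passed through it, the check only covers the unpadded value; av_image_check_size's bounds presumably keep the padded value far from overflow, but the comment should say that this is intentional. alloc_buffers continues outside the hunk, so I cannot see whether the buffer sizes below actually derive from the padded width.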
@@ -655,7 +658,8 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
                 s->coded_height = s->a_height;
 
             if (s->a_width != s->coded_width || s->a_height != s->coded_height ||
-                s->a_format != s->coded_format) {
+                s->a_format != s->coded_format ||
+                s->transform_type != s->prev_transform_type) {
                 free_buffers(s);
                 if ((ret = alloc_buffers(avctx)) < 0) {
                     free_buffers(s);
@@ -665,6 +669,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
             ret = ff_set_dimensions(avctx, s->coded_width, s->coded_height);
             if (ret < 0)
                 return ret;
+            avctx->coded_width = FFALIGN(s->coded_width, 64) + 256;
             if (s->cropped_height) {
                 unsigned height = s->cropped_height << (avctx->pix_fmt == AV_PIX_FMT_BAYER_RGGB16);
                 if (avctx->height < height)
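Review bot: The new condition `s->transform_type != s->prev_transform_type` breaks the pattern of the neighbouring checks: a_width, a_height and a_format record what the buffers were actually allocated for, whereas prev_transform_type only records the previous frame's value and is refreshed by init_frame_defaults regardless of whether allocation succeeded or ran at all. A more robust form is to record the type in alloc_buffers (`s->a_transform_type = s->transform_type;`) and compare `s->a_transform_type != s->transform_type` here, which also removes the need for the prev_transform_type bookkeeping in init_frame_defaults. The duplicated `avctx->coded_width = FFALIGN(s->coded_width, 64) + 256;` after the second ff_set_dimensions() call should share a named macro with the copy in alloc_buffers. cfhd_decode begins and ends outside this hunk.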
diff --git a/libavcodec/cfhd.h b/libavcodec/cfhd.h
index 8ea91270cd..120fe5ccf6 100644
--- a/libavcodec/cfhd.h
+++ b/libavcodec/cfhd.h
@@ -155,6 +155,7 @@ typedef struct CFHDContext {
     int frame_type;
     int frame_index;
     int sample_type;
+    int prev_transform_type;
     int transform_type;
     int coded_width;
     int coded_height;
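Review bot: The new `prev_transform_type` field is added without a comment, and its contract is non-obvious: from the .c hunks it is -1 until the first frame, captured from transform_type in init_frame_defaults before that value is reset, and compared against the current transform_type in cfhd_decode to decide whether to reallocate buffers. Document that on the declaration, e.g. `int prev_transform_type; /* transform_type of the previous frame (-1 before the first); a change forces buffer reallocation in cfhd_decode */`. The struct definition continues outside this hunk.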
-- 
2.17.1
