This avoids reallocating per frame Fixes: Assertion failure Fixes: 36359/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-6733238591684608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavcodec/snow.h | 1 + libavcodec/snowdec.c | 17 +++++++++++++---- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/libavcodec/snow.h b/libavcodec/snow.h index c0d2599859..8795491cf3 100644 --- a/libavcodec/snow.h +++ b/libavcodec/snow.h @@ -186,6 +186,7 @@ typedef struct SnowContext{ uint8_t *emu_edge_buffer; AVMotionVector *avmv; + unsigned avmv_size; int avmv_index; uint64_t encoding_error[AV_NUM_DATA_POINTERS]; diff --git a/libavcodec/snowdec.c b/libavcodec/snowdec.c index 1355ae6ed1..cd2265aba1 100644 --- a/libavcodec/snowdec.c +++ b/libavcodec/snowdec.c @@ -492,9 +492,17 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, s->spatial_decomposition_count ); - av_assert0(!s->avmv); if (s->avctx->export_side_data & AV_CODEC_EXPORT_DATA_MVS) { - s->avmv = av_malloc_array(s->b_width * s->b_height, sizeof(AVMotionVector) << (s->block_max_depth*2)); + size_t size; + res = av_size_mult(s->b_width * s->b_height, sizeof(AVMotionVector) << (s->block_max_depth*2), &size); + if (res) + return res; + av_fast_malloc(&s->avmv, &s->avmv_size, size); + if (!s->avmv) + return AVERROR(ENOMEM); + } else { + s->avmv_size = 0; + av_freep(&s->avmv); } s->avmv_index = 0; @@ -623,8 +631,6 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, memcpy(sd->data, s->avmv, s->avmv_index * sizeof(AVMotionVector)); } - av_freep(&s->avmv); - if (res < 0) return res; @@ -644,6 +650,9 @@ static av_cold int decode_end(AVCodecContext *avctx) ff_snow_common_end(s); + s->avmv_size = 0; + av_freep(&s->avmv); + return 0; } -- 2.17.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
