On Thu, Sep 21, 2023 at 8:09 PM Michael Niedermayer <mich...@niedermayer.cc> wrote:
> Fixes: out of array access > Fixes: > 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6227491892887552 > Fixes: > 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6268561729126400 > Fixes: > 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6414805046788096 > Fixes: > 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6538151088488448 > Fixes: > 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6608131540779008 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by > <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>: > Michael Niedermayer <mich...@niedermayer.cc> > --- > libavcodec/osq.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/libavcodec/osq.c b/libavcodec/osq.c > index e7f11691d2e..bcc75fef6fc 100644 > --- a/libavcodec/osq.c > +++ b/libavcodec/osq.c > @@ -408,6 +408,9 @@ static int osq_receive_frame(AVCodecContext *avctx, > AVFrame *frame) > GetBitContext *gb = &s->gb; > int ret, n; > > + if (s->pkt_offset > s->pkt->size) > + s->pkt_offset = 0; > This is more hack than real fix. Can you provide input file? > + > while (s->bitstream_size < s->max_framesize) { > int size; > > -- > 2.17.1 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe". > _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".