Hi,

On Tue, May 9, 2017 at 8:37 PM, Michael Niedermayer <mich...@niedermayer.cc> wrote:
> Fixes: out of array access
> Fixes: 1434/clusterfuzz-testcase-minimized-6314998085189632
> Fixes: 1435/clusterfuzz-testcase-minimized-6483783723253760
>
> Found-by: continuous fuzzing process https://github.com/google/oss-
> fuzz/tree/master/targets/ffmpeg
> Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> ---
> libavcodec/webp.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/libavcodec/webp.c b/libavcodec/webp.c
> index 16c3ae2662..23ed4bc26f 100644
> --- a/libavcodec/webp.c
> +++ b/libavcodec/webp.c
> @@ -1330,12 +1330,17 @@ static int vp8_lossy_decode_frame(AVCodecContext
> *avctx, AVFrame *p,
> WebPContext *s = avctx->priv_data;
> AVPacket pkt;
> int ret;
> + enum AVPixelFormat wanted_pix_fmt = s->has_alpha ?
> AV_PIX_FMT_YUVA420P : AV_PIX_FMT_YUV420P;
> +
> + if (s->initialized && wanted_pix_fmt != avctx->pix_fmt) {
> + ff_vp8_decode_free(avctx);
> + s->initialized = 0;
> + }
>
> if (!s->initialized) {
> ff_vp8_decode_init(avctx);
> s->initialized = 1;
> - if (s->has_alpha)
> - avctx->pix_fmt = AV_PIX_FMT_YUVA420P;
> + avctx->pix_fmt = wanted_pix_fmt;
> }
> s->lossless = 0;

What is the out of array access? webp is intra only and the only thing that is initialized with memory in that call is reference frames. What's going on here?

Ronald

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
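Review bot: The commit message should state the mechanism behind the "out of array access", since the hunk itself only shows that the VP8 decoder state is now freed and reinitialized when a frame's alpha flag no longer matches the pixel format the decoder was initialized with; naming which buffer is sized for one of AV_PIX_FMT_YUV420P / AV_PIX_FMT_YUVA420P and then written with the other would let reviewers verify the fix, and it is exactly what Ronald's reply asks. Separately, the context line `ff_vp8_decode_init(avctx);` still discards the return value, so a failed reinit after the new `ff_vp8_decode_free(avctx);` would leave `s->initialized = 1` on a decoder whose state was just torn down; since `ret` is already declared, consider `if ((ret = ff_vp8_decode_init(avctx)) < 0) return ret;` before setting `s->initialized`.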