Hi, On Wed, Nov 15, 2017 at 3:17 PM, Michael Niedermayer <mich...@niedermayer.cc > wrote:
> Fixes: Timeout > Fixes: 3142/clusterfuzz-testcase-5007853163118592 > > Found-by: continuous fuzzing process https://github.com/google/oss- > fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > --- > libavcodec/snowdec.c | 19 +++++++++++++++---- > 1 file changed, 15 insertions(+), 4 deletions(-) > > diff --git a/libavcodec/snowdec.c b/libavcodec/snowdec.c > index 727e908fb5..77ffe7f594 100644 > --- a/libavcodec/snowdec.c > +++ b/libavcodec/snowdec.c > @@ -183,13 +183,24 @@ static int decode_q_branch(SnowContext *s, int > level, int x, int y){ > int my_context= av_log2(2*FFABS(left->my - top->my)) + > 0*av_log2(2*FFABS(tr->my - top->my)); > > type= get_rac(&s->c, &s->block_state[1 + left->type + top->type]) > ? BLOCK_INTRA : 0; > - > if(type){ > + int ld, cbd, crd; > pred_mv(s, &mx, &my, 0, left, top, tr); > - l += get_symbol(&s->c, &s->block_state[32], 1); > + ld = get_symbol(&s->c, &s->block_state[32], 1); > + if (ld < -255 || ld > 255) { > + av_log(s->avctx, AV_LOG_DEBUG, "Invalid (Out of range) > intra luma block DC difference %d\n", ld); > + return AVERROR_INVALIDDATA; > + } > + l += ld; > if (s->nb_planes > 2) { > - cb+= get_symbol(&s->c, &s->block_state[64], 1); > - cr+= get_symbol(&s->c, &s->block_state[96], 1); > + cbd = get_symbol(&s->c, &s->block_state[64], 1); > + crd = get_symbol(&s->c, &s->block_state[96], 1); > + if (cbd < -255 || cbd > 255 || crd < -255 || crd > 255) { > + av_log(s->avctx, AV_LOG_DEBUG, "Invalid (Out of > range) intra chroma block DC difference %d, %d\n", cbd, crd); > + return AVERROR_INVALIDDATA; > + } Please remove the error messages. Ronald _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
