On Wed, Jan 24, 2018 at 12:47:18AM -0300, James Almer wrote: > On 1/24/2018 12:34 AM, Michael Niedermayer wrote: > > Fixes: 4868/clusterfuzz-testcase-minimized-6236542906400768 > > Fixes: runtime error: shift exponent 126 is too large for 32-bit type 'int' > > > > Found-by: continuous fuzzing process > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > > --- > > libavcodec/hevc_ps.c | 11 +++++++++++ > > 1 file changed, 11 insertions(+) > > > > diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c > > index 4787312cfa..746c96b17e 100644 > > --- a/libavcodec/hevc_ps.c > > +++ b/libavcodec/hevc_ps.c > > @@ -1324,6 +1324,17 @@ static int pps_range_extensions(GetBitContext *gb, > > AVCodecContext *avctx, > > pps->log2_sao_offset_scale_luma = get_ue_golomb_long(gb); > > pps->log2_sao_offset_scale_chroma = get_ue_golomb_long(gb); > > > > + if ( pps->log2_sao_offset_scale_luma > FFMAX(sps->bit_depth > > - 10, 0) > > + || pps->log2_sao_offset_scale_chroma > FFMAX(sps->bit_depth_chroma > > - 10, 0) > > + ) { > > + av_log(avctx, AV_LOG_ERROR, > > + "log2 sao offset scales (%d %d) are invalid\n", > > + pps->log2_sao_offset_scale_luma, > > + pps->log2_sao_offset_scale_chroma > > + ); > > + return AVERROR_INVALIDDATA; > > Wouldn't it be better to just port the h264 and hevc decoder to use the > cbs API at this point? It correctly does a range check for every > sps/vps/pps/slice value already. > > Otherwise you'll be adding a lot of range checks as oss-fuzz finds an > ubsan testcase for them.
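Review bot: the new `+ if (...)` condition only bounds the two values from above, and both fields appear to be signed (they are printed with `%d`); `get_ue_golomb_long()` returns an unsigned Exp-Golomb value that can exceed INT_MAX, so a value that wraps negative when stored would compare as less than `FFMAX(sps->bit_depth - 10, 0)` and pass the check, then still reach the shift this patch is meant to guard. Suggest either comparing as unsigned or adding `pps->log2_sao_offset_scale_luma < 0 ||` (and the chroma counterpart) to the condition. Minor style point: `if ( pps->` has a space after the opening parenthesis, which does not match the rest of the file.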
cbs is not available in the releases. We need to fix issues in the releases, so I don't think cbs can help here.

[...]

--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

In fact, the RIAA has been known to suggest that students drop out of college or go to community college in order to be able to afford settlements. -- The RIAA
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel