On Sun, Apr 29, 2018 at 08:23:39PM +0000, Kieran Kunhya wrote:
> On Sun, 29 Apr 2018 at 20:20 Michael Niedermayer <mich...@niedermayer.cc>
> wrote:
>
> > Fixes: runtime error: shift exponent -1 is negative
> > Fixes:
> > 7510/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5024523356209152
> >
> > Found-by: continuous fuzzing process
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
>
> No, this is wrong, extension_and_user_data( 0 ) may precede
> StudioVisualObject.
The code before this patch calls a single extension_and_user_data(0) between
VOS_STARTCODE and VISUAL_OBJ_STARTCODE; the code after this patch still does
this.

The implementation for extension_and_user_data(0) does nothing, though:
everything the code does is behind an

    if ((id == 2 || id == 4) && ...

so id == 0 does nothing.

extension_and_user_data(0) should parse user data. This was not done before
this patch, but should work after the patch, as there is an entry in the main
loop to parse user data. The code before bypassed the main loop.

If there are no further objections I intend to apply this in a day or 2.

Thanks

[...]

--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Answering whether a program halts or runs forever is
On a Turing machine, in general impossible (Turing's halting problem).
On any real computer, always possible as a real computer has a finite number
of states N, and will either halt in less than N cycles or never halt.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
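Added example (not FFmpeg code and not from either message in this thread): a C start-code scanner that dispatches user_data from a single main loop, so a user_data block sitting between the VOS header and the visual object header is counted and parsed instead of being bypassed, which is the ordering Kieran points at above. The start-code values are the ones the MPEG-4 Part 2 syntax uses and match the VOS_STARTCODE, USER_DATA_STARTCODE, VISUAL_OBJ_STARTCODE and VOP_STARTCODE macros in libavcodec/mpeg4video.h; the struct, function and sample-stream names are this example's own, and the sample buffers are constructed here, not captured from a real file. The scanner only acts on a start code whose four bytes fit in the buffer, which is the bounds check a header parser fed by a fuzzer has to make before interpreting any header bits.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Low byte of the MPEG-4 Part 2 start codes (00 00 01 xx). The values match
 * VOS_STARTCODE, USER_DATA_STARTCODE, VISUAL_OBJ_STARTCODE and VOP_STARTCODE
 * in libavcodec/mpeg4video.h; everything else in this file is example code. */
enum {
    SC_VOS        = 0xB0,   /* visual_object_sequence_start_code */
    SC_USER_DATA  = 0xB2,   /* user_data_start_code */
    SC_VISUAL_OBJ = 0xB5,   /* visual_object_start_code */
    SC_VOP        = 0xB6,   /* vop_start_code */
};

typedef struct {
    int    vos;                      /* VOS headers seen */
    int    visual_obj;               /* visual object headers seen */
    int    vop;                      /* VOPs seen */
    int    user_data;                /* user_data blocks seen, at any position */
    int    user_data_before_visobj;  /* user_data blocks between VOS and visual object */
    size_t user_data_bytes;          /* payload bytes of all user_data blocks */
} hdr_stats;

/* Index of the xx byte of the next 00 00 01 xx at or after pos, or -1 when no
 * complete four-byte start code fits in the buffer (a truncated prefix is
 * never treated as a start code). */
static long find_start_code(const uint8_t *buf, size_t len, size_t pos)
{
    for (size_t i = pos; i + 3 < len; i++)
        if (buf[i] == 0 && buf[i + 1] == 0 && buf[i + 2] == 1)
            return (long)(i + 3);
    return -1;
}

/* Walk every start code in buf from one loop. user_data is dispatched here
 * like any other start code, so it is accepted wherever it occurs, including
 * between the VOS header and the visual object header. Returns the number of
 * start codes found. */
int scan_mpeg4_headers(const uint8_t *buf, size_t len, hdr_stats *st)
{
    int count = 0, after_vos = 0;
    memset(st, 0, sizeof *st);
    if (!buf)
        return 0;
    for (long sc = find_start_code(buf, len, 0); sc >= 0;) {
        uint8_t code    = buf[sc];
        size_t  payload = (size_t)sc + 1;
        long    next    = find_start_code(buf, len, payload);
        size_t  end     = next >= 0 ? (size_t)next - 3 : len;  /* payload is [payload, end) */
        count++;
        switch (code) {
        case SC_VOS:        st->vos++;        after_vos = 1; break;
        case SC_VISUAL_OBJ: st->visual_obj++; after_vos = 0; break;
        case SC_VOP:        st->vop++;                       break;
        case SC_USER_DATA:
            st->user_data++;
            st->user_data_bytes += end - payload;
            if (after_vos)
                st->user_data_before_visobj++;
            break;
        default: break;  /* GOP, VO/VOL ids and the rest are not needed here */
        }
        sc = next;
    }
    return count;
}

/* user_data blocks between the VOS header and the visual object header, or -1
 * when the buffer holds no VOS header at all. */
int user_data_before_visual_object(const uint8_t *buf, size_t len)
{
    hdr_stats st;
    scan_mpeg4_headers(buf, len, &st);
    return st.vos ? st.user_data_before_visobj : -1;
}

int count_start_codes(const uint8_t *buf, size_t len)
{
    hdr_stats st;
    return scan_mpeg4_headers(buf, len, &st);
}

/* Constructed sample, not a real stream: VOS header, a user_data block, the
 * visual object header, then one VOP. Header payload bytes are placeholders. */
static const uint8_t SAMPLE_STREAM[] = {
    0x00, 0x00, 0x01, SC_VOS,        0xF5,
    0x00, 0x00, 0x01, SC_USER_DATA,  'u', 's', 'e', 'r',
    0x00, 0x00, 0x01, SC_VISUAL_OBJ, 0x08,
    0x00, 0x00, 0x01, SC_VOP,        0xB7,
};
/* Constructed: the same headers without user data. */
static const uint8_t PLAIN_STREAM[] = {
    0x00, 0x00, 0x01, SC_VOS,        0xF5,
    0x00, 0x00, 0x01, SC_VISUAL_OBJ, 0x08,
    0x00, 0x00, 0x01, SC_VOP,        0xB7,
};
/* Constructed: a start-code prefix with no code byte, i.e. nothing parseable. */
static const uint8_t TRUNCATED_STREAM[] = { 0x00, 0x00, 0x01 };

int main(void)
{
    hdr_stats st;
    int n = scan_mpeg4_headers(SAMPLE_STREAM, sizeof SAMPLE_STREAM, &st);
    printf("%d start codes: vos=%d user_data=%d (%d before visual object, %zu bytes) "
           "visobj=%d vop=%d\n", n, st.vos, st.user_data, st.user_data_before_visobj,
           st.user_data_bytes, st.visual_obj, st.vop);
    return 0;
}
```

The point of the single loop is the one Michael makes: when the VOS-to-visual-object stretch is handled by a dedicated call that ignores id == 0, a user_data block placed there is never parsed, while a dispatcher that sees every start code handles it in the same place as user data anywhere else.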