2018-11-09 16:13 GMT+01:00, Carl Eugen Hoyos <ceffm...@gmail.com>:
> 2018-11-09 10:31 GMT+01:00, Michael Niedermayer <mich...@niedermayer.cc>:
>> method 0 (inflate/deflate) is the only specified in the specification and
>> the only supported
>>
>> Fixes: Timeout
>> Fixes:
>> 10976/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PNG_fuzzer-5729372588736512
>>
>> Found-by: continuous fuzzing process
>> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>> Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
>> ---
>> libavcodec/pngdec.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
>> index 01144680f2..189bb9a4c1 100644
>> --- a/libavcodec/pngdec.c
>> +++ b/libavcodec/pngdec.c
>> @@ -578,6 +578,10 @@ static int decode_ihdr_chunk(AVCodecContext *avctx,
>> PNGDecContext *s,
>> }
>> s->color_type = bytestream2_get_byte(&s->gb);
>> s->compression_type = bytestream2_get_byte(&s->gb);
>> + if (s->compression_type) {
>> + av_log(avctx, AV_LOG_ERROR, "Invalid compression method %d\n",
>> s->compression_type);
>> + goto error;
>
> Would the native FFmpeg zlib decompression code - if merged -
> avoid this issue?
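Review bot: the new check in decode_ihdr_chunk jumps to `error` without the hunk showing what that label returns; since the commit message says method 0 is the only method the specification defines, the error path should return AVERROR_INVALIDDATA (malformed input) rather than a generic failure, so callers and fuzz harnesses can tell a rejected file from an internal error. The log text would also be more useful if it named the expected value, e.g. `"Invalid compression method %d, only 0 (deflate) is defined\n"`. Note that the quoted hunk stops at `goto error;` although the diffstat reports four insertions, so the closing `}` and the trailing context are not visible here; posting the complete hunk would let reviewers confirm nothing else in the function changed.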
Ping.

It appears to me that if there is an issue, it cannot be fixed with the
suggested patch, except that the fuzzer needs a little longer to find the
final blocking sample.

Or do I misunderstand?

Carl Eugen
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
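The patch quoted above rejects a non-zero IHDR compression method before any IDAT data reaches the inflater. The following is an added, stand-alone example (not FFmpeg code and not from this thread) that generalises that idea to every IHDR field the PNG specification constrains: dimensions, colour type and bit-depth combination, compression method, filter method and interlace method. The function and error-code names are hypothetical, and the IHDR payloads at the bottom are constructed sample input.

```c
/* Added example, not libavcodec code: validate a PNG IHDR payload before
 * any zlib/inflate work is attempted.  Field ranges follow the PNG
 * specification (ISO/IEC 15948); names and error codes are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PNG_IHDR_LEN 13

typedef struct {
    uint32_t width, height;
    uint8_t bit_depth, color_type, compression, filter, interlace;
} png_ihdr;

/* Hypothetical error codes for this validator. */
enum {
    IHDR_OK              =  0,
    IHDR_ERR_SIZE        = -1,
    IHDR_ERR_DIMENSION   = -2,
    IHDR_ERR_COLOR_TYPE  = -3,
    IHDR_ERR_BIT_DEPTH   = -4,
    IHDR_ERR_COMPRESSION = -5,
    IHDR_ERR_FILTER      = -6,
    IHDR_ERR_INTERLACE   = -7
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Parse the 13-byte IHDR payload (the bytes after the chunk length and
 * the "IHDR" type field) and check every field.  Returns IHDR_OK or one
 * of the negative codes above; 'out' may be NULL and is filled only on
 * success, so nothing downstream ever sees a partially validated header. */
int png_parse_ihdr(const uint8_t *data, size_t len, png_ihdr *out)
{
    png_ihdr h;
    if (len != PNG_IHDR_LEN)
        return IHDR_ERR_SIZE;
    h.width       = be32(data);
    h.height      = be32(data + 4);
    h.bit_depth   = data[8];
    h.color_type  = data[9];
    h.compression = data[10];
    h.filter      = data[11];
    h.interlace   = data[12];

    /* Width and height must be 1 .. 2^31-1; the spec reserves the top bit. */
    if (h.width == 0 || h.height == 0 ||
        h.width > 0x7fffffffu || h.height > 0x7fffffffu)
        return IHDR_ERR_DIMENSION;

    /* The permitted bit depths depend on the colour type. */
    switch (h.color_type) {
    case 0: /* greyscale: 1, 2, 4, 8, 16 */
        if (h.bit_depth != 1 && h.bit_depth != 2 && h.bit_depth != 4 &&
            h.bit_depth != 8 && h.bit_depth != 16)
            return IHDR_ERR_BIT_DEPTH;
        break;
    case 3: /* indexed colour: 1, 2, 4, 8 */
        if (h.bit_depth != 1 && h.bit_depth != 2 && h.bit_depth != 4 &&
            h.bit_depth != 8)
            return IHDR_ERR_BIT_DEPTH;
        break;
    case 2: case 4: case 6: /* truecolour, grey+alpha, truecolour+alpha: 8, 16 */
        if (h.bit_depth != 8 && h.bit_depth != 16)
            return IHDR_ERR_BIT_DEPTH;
        break;
    default:
        return IHDR_ERR_COLOR_TYPE;
    }

    /* Only compression method 0 (zlib/deflate) and filter method 0 are
     * defined, and interlace is either none (0) or Adam7 (1).  Anything
     * else is rejected here, before a single IDAT byte reaches inflate. */
    if (h.compression != 0)
        return IHDR_ERR_COMPRESSION;
    if (h.filter != 0)
        return IHDR_ERR_FILTER;
    if (h.interlace > 1)
        return IHDR_ERR_INTERLACE;

    if (out)
        *out = h;
    return IHDR_OK;
}

/* Constructed sample payloads: 16x16 images, fields as commented. */
static const uint8_t ihdr_valid[PNG_IHDR_LEN] =
    { 0,0,0,16, 0,0,0,16, 8, 6, 0, 0, 0 }; /* RGBA 8-bit, deflate, filter 0 */
static const uint8_t ihdr_bad_compression[PNG_IHDR_LEN] =
    { 0,0,0,16, 0,0,0,16, 8, 6, 1, 0, 0 }; /* compression method 1: undefined */
static const uint8_t ihdr_bad_depth[PNG_IHDR_LEN] =
    { 0,0,0,16, 0,0,0,16, 4, 6, 0, 0, 0 }; /* 4-bit RGBA is not allowed */
static const uint8_t ihdr_zero_width[PNG_IHDR_LEN] =
    { 0,0,0,0,  0,0,0,16, 8, 2, 0, 0, 0 }; /* width 0 */

int main(void)
{
    png_ihdr h;
    printf("valid:           %d\n", png_parse_ihdr(ihdr_valid, PNG_IHDR_LEN, &h));
    printf("bad compression: %d\n", png_parse_ihdr(ihdr_bad_compression, PNG_IHDR_LEN, NULL));
    printf("bad bit depth:   %d\n", png_parse_ihdr(ihdr_bad_depth, PNG_IHDR_LEN, NULL));
    printf("zero width:      %d\n", png_parse_ihdr(ihdr_zero_width, PNG_IHDR_LEN, NULL));
    return 0;
}
```

The point of doing all of this in one place is the one the patch makes for compression_type: a header that the specification does not allow is rejected with a distinct, specific error before the decoder spends any time in the inflater or allocates frame buffers sized from the header, which is what turns a malformed file into a timeout rather than a clean failure.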