On Sun, Apr 21, 2019 at 11:31:10AM +0200, Paul B Mahol wrote: > On 4/21/19, Michael Niedermayer <mich...@niedermayer.cc> wrote: > > I do not know if such vlc trees are allowed in agm, I have no specification > > So i do not know if these should be treated as error, or not. > > But the code does contain a check for idx < 0 already ... > > > > untested due to lack of valid samples using this codepath > > > > Fixes: Stack-buffer-overflow in get_tree_codes > > Fixes: > > 14189/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5745747003179008 > > > > Found-by: continuous fuzzing process > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > > --- > > libavcodec/agm.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libavcodec/agm.c b/libavcodec/agm.c > > index f5fd5d065e..f3d81bf163 100644 > > --- a/libavcodec/agm.c > > +++ b/libavcodec/agm.c > > @@ -913,7 +913,7 @@ static void get_tree_codes(uint32_t *codes, Node *nodes, > > int idx, uint32_t pfx, > > { > > if (idx < 256 && idx >= 0) { > > codes[idx] = pfx; > > - } else { > > + } else if (idx >= 0) { > > get_tree_codes(codes, nodes, nodes[idx].child[0], pfx + (0 << > > bitpos), bitpos + 1); > > get_tree_codes(codes, nodes, nodes[idx].child[1], pfx + (1 << > > bitpos), bitpos + 1); > > } > > -- > > 2.21.0 > > > > _______________________________________________ > > ffmpeg-devel mailing list > > ffmpeg-devel@ffmpeg.org > > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > > > To unsubscribe, visit link above, or email > > ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe". > > lgtm
will apply thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Many that live deserve death. And some that die deserve life. Can you give it to them? Then do not be too eager to deal out death in judgement. For even the very wise cannot see all ends. -- Gandalf
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
