Feel free to apply this patch as it does not break current files, but I think check is incomplete.
On 9/10/19, Paul B Mahol <one...@gmail.com> wrote: > On 9/10/19, Michael Niedermayer <mich...@niedermayer.cc> wrote: >> On Mon, Sep 09, 2019 at 10:29:14PM +0200, Paul B Mahol wrote: >>> On 9/9/19, Michael Niedermayer <mich...@niedermayer.cc> wrote: >>> > On Fri, Jul 19, 2019 at 09:53:34PM +0200, Michael Niedermayer wrote: >>> >> On Fri, Jul 19, 2019 at 03:36:43PM +0200, Paul B Mahol wrote: >>> >> > On 7/19/19, Michael Niedermayer <mich...@niedermayer.cc> wrote: >>> >> > > On Thu, Jun 27, 2019 at 09:32:44AM +0200, Paul B Mahol wrote: >>> >> > >> On 6/27/19, Michael Niedermayer <mich...@niedermayer.cc> wrote: >>> >> > >> > Fixes: signed integer overflow: 61 + 2147483647 cannot be >>> >> > >> > represented >>> >> > >> > in >>> >> > >> > type 'int' >>> >> > >> > Fixes: >>> >> > >> > 15311/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5742552826773504 >>> >> > >> > >>> >> > >> > Found-by: continuous fuzzing process >>> >> > >> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg >>> >> > >> > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> >>> >> > >> > --- >>> >> > >> > libavcodec/dxv.c | 2 +- >>> >> > >> > 1 file changed, 1 insertion(+), 1 deletion(-) >>> >> > >> > >>> >> > >> > diff --git a/libavcodec/dxv.c b/libavcodec/dxv.c >>> >> > >> > index 5fd1844094..3506775560 100644 >>> >> > >> > --- a/libavcodec/dxv.c >>> >> > >> > +++ b/libavcodec/dxv.c >>> >> > >> > @@ -745,7 +745,7 @@ static int dxv_decompress_cocg(DXVContext >>> >> > >> > *ctx, >>> >> > >> > GetByteContext *gb, >>> >> > >> > int skip0, skip1, oi0 = 0, oi1 = 0; >>> >> > >> > int ret, state0 = 0, state1 = 0; >>> >> > >> > >>> >> > >> > - if (op_offset < 12) >>> >> > >> > + if (op_offset < 12 || op_offset - 12 > >>> >> > >> > bytestream2_get_bytes_left(gb)) >>> >> > >> > return AVERROR_INVALIDDATA; >>> >> > >> > >>> >> > >> > dst = tex_data; >>> >> > >> > -- >>> >> > >> > 2.22.0 >>> >> > >> > >>> >> > >> > _______________________________________________ >>> >> > >> > ffmpeg-devel mailing list >>> >> > >> > ffmpeg-devel@ffmpeg.org >>> >> > >> > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel >>> >> > >> > >>> >> > >> > To unsubscribe, visit link above, or email >>> >> > >> > ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe". >>> >> > >> >>> >> > >> Make sure this does not break any files. >>> >> > > >>> >> > > Do you have any specific files i should test ? >>> >> > > >>> >> > > I of course cannot test every file on earth ... >>> >> > >>> >> > I'm on vacation, so when I get back I will give you some files. >>> >> >>> >> ok, ill wait, no hurry, enjoy your vacation! >>> > >>> > ping, this issue is reaching its deadline, so i would like to >>> > fix it >>> >>> What deadline? Is this some kind of fancy corporation? >> >> first link for googling ossfuzz deadline explains it like this: >> >> "Once a project is signed up for OSS-Fuzz, it is automatically subject to >> the 90-day disclosure deadline for newly reported bugs ..." >> > > Irrelevant, this is not security issue at all. > >> thx >> >> [...] >> -- >> Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB >> >> "I am not trying to be anyone's saviour, I'm trying to think about the >> future and not be sad" - Elon Musk >> >> > _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
