[FFmpeg-devel] [PATCH 1/2] avcodec/qtrle: Do not output duplicated frames on insufficient input
Michael Niedermayer
michael at niedermayer.cc
Mon May 14 02:07:55 EEST 2018
Fixes: Timeout
Fixes: 6383/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QTRLE_fuzzer-6199846902956032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/qtrle.c | 12 ++---
tests/ref/fate/qtrle-8bit | 109 --------------------------------------
2 files changed, 6 insertions(+), 115 deletions(-)
diff --git a/libavcodec/qtrle.c b/libavcodec/qtrle.c
index 1b0d2016b5..670690d0a4 100644
--- a/libavcodec/qtrle.c
+++ b/libavcodec/qtrle.c
@@ -433,12 +433,10 @@ static int qtrle_decode_frame(AVCodecContext *avctx,
int ret;
bytestream2_init(&s->g, avpkt->data, avpkt->size);
- if ((ret = ff_reget_buffer(avctx, s->frame)) < 0)
- return ret;
/* check if this frame is even supposed to change */
if (avpkt->size < 8)
- goto done;
+ return avpkt->size;
/* start after the chunk size */
bytestream2_seek(&s->g, 4, SEEK_SET);
@@ -449,17 +447,20 @@ static int qtrle_decode_frame(AVCodecContext *avctx,
/* if a header is present, fetch additional decoding parameters */
if (header & 0x0008) {
if (avpkt->size < 14)
- goto done;
+ return avpkt->size;
start_line = bytestream2_get_be16(&s->g);
bytestream2_skip(&s->g, 2);
height = bytestream2_get_be16(&s->g);
bytestream2_skip(&s->g, 2);
if (height > s->avctx->height - start_line)
- goto done;
+ return avpkt->size;
} else {
start_line = 0;
height = s->avctx->height;
}
+ if ((ret = ff_reget_buffer(avctx, s->frame)) < 0)
+ return ret;
+
row_ptr = s->frame->linesize[0] * start_line;
switch (avctx->bits_per_coded_sample) {
@@ -520,7 +521,6 @@ static int qtrle_decode_frame(AVCodecContext *avctx,
memcpy(s->frame->data[1], s->pal, AVPALETTE_SIZE);
}
-done:
if ((ret = av_frame_ref(data, s->frame)) < 0)
return ret;
*got_frame = 1;
diff --git a/tests/ref/fate/qtrle-8bit b/tests/ref/fate/qtrle-8bit
index 8da113d83e..27bb8aad71 100644
--- a/tests/ref/fate/qtrle-8bit
+++ b/tests/ref/fate/qtrle-8bit
@@ -4,169 +4,60 @@
#dimensions 0: 640x480
#sar 0: 0/1
0, 0, 0, 1, 921600, 0x1492e3ed
-0, 1, 1, 1, 921600, 0x1492e3ed
-0, 2, 2, 1, 921600, 0x1492e3ed
0, 3, 3, 1, 921600, 0x23ef4fc7
-0, 4, 4, 1, 921600, 0x23ef4fc7
0, 5, 5, 1, 921600, 0xe406d4be
-0, 6, 6, 1, 921600, 0xe406d4be
-0, 7, 7, 1, 921600, 0xe406d4be
0, 8, 8, 1, 921600, 0x62b8b5a1
-0, 9, 9, 1, 921600, 0x62b8b5a1
0, 10, 10, 1, 921600, 0x7d8ba674
-0, 11, 11, 1, 921600, 0x7d8ba674
-0, 12, 12, 1, 921600, 0x7d8ba674
0, 13, 13, 1, 921600, 0xfe666be7
-0, 14, 14, 1, 921600, 0xfe666be7
0, 15, 15, 1, 921600, 0x721baec0
-0, 16, 16, 1, 921600, 0x721baec0
-0, 17, 17, 1, 921600, 0x721baec0
0, 18, 18, 1, 921600, 0xc237180a
-0, 19, 19, 1, 921600, 0xc237180a
0, 20, 20, 1, 921600, 0xf03a7482
-0, 21, 21, 1, 921600, 0xf03a7482
-0, 22, 22, 1, 921600, 0xf03a7482
0, 23, 23, 1, 921600, 0x5612a391
-0, 24, 24, 1, 921600, 0x5612a391
0, 25, 25, 1, 921600, 0x9dbcc46a
-0, 26, 26, 1, 921600, 0x9dbcc46a
-0, 27, 27, 1, 921600, 0x9dbcc46a
0, 28, 28, 1, 921600, 0xa128a5d5
-0, 29, 29, 1, 921600, 0xa128a5d5
0, 30, 30, 1, 921600, 0x63e0025c
-0, 31, 31, 1, 921600, 0x63e0025c
-0, 32, 32, 1, 921600, 0x63e0025c
0, 33, 33, 1, 921600, 0x262359ed
-0, 34, 34, 1, 921600, 0x262359ed
0, 35, 35, 1, 921600, 0x343688e8
-0, 36, 36, 1, 921600, 0x343688e8
-0, 37, 37, 1, 921600, 0x343688e8
-0, 38, 38, 1, 921600, 0x343688e8
-0, 39, 39, 1, 921600, 0x343688e8
-0, 40, 40, 1, 921600, 0x343688e8
-0, 41, 41, 1, 921600, 0x343688e8
-0, 42, 42, 1, 921600, 0x343688e8
-0, 43, 43, 1, 921600, 0x343688e8
-0, 44, 44, 1, 921600, 0x343688e8
0, 45, 45, 1, 921600, 0xe4b29d57
-0, 46, 46, 1, 921600, 0xe4b29d57
-0, 47, 47, 1, 921600, 0xe4b29d57
0, 48, 48, 1, 921600, 0x198e8a4a
-0, 49, 49, 1, 921600, 0x198e8a4a
0, 50, 50, 1, 921600, 0x0cad8dc9
-0, 51, 51, 1, 921600, 0x0cad8dc9
-0, 52, 52, 1, 921600, 0x0cad8dc9
0, 53, 53, 1, 921600, 0x1f74cf3d
-0, 54, 54, 1, 921600, 0x1f74cf3d
0, 55, 55, 1, 921600, 0xec5b5449
-0, 56, 56, 1, 921600, 0xec5b5449
-0, 57, 57, 1, 921600, 0xec5b5449
0, 58, 58, 1, 921600, 0x39829711
-0, 59, 59, 1, 921600, 0x39829711
0, 60, 60, 1, 921600, 0x6de5b9c6
-0, 61, 61, 1, 921600, 0x6de5b9c6
-0, 62, 62, 1, 921600, 0x6de5b9c6
0, 63, 63, 1, 921600, 0x47b0e9d4
-0, 64, 64, 1, 921600, 0x47b0e9d4
0, 65, 65, 1, 921600, 0x756452b8
-0, 66, 66, 1, 921600, 0x756452b8
-0, 67, 67, 1, 921600, 0x756452b8
0, 68, 68, 1, 921600, 0x6fce3478
-0, 69, 69, 1, 921600, 0x6fce3478
0, 70, 70, 1, 921600, 0x372397cd
-0, 71, 71, 1, 921600, 0x372397cd
-0, 72, 72, 1, 921600, 0x372397cd
0, 73, 73, 1, 921600, 0xe3999ba1
-0, 74, 74, 1, 921600, 0xe3999ba1
0, 75, 75, 1, 921600, 0x6ba26b43
-0, 76, 76, 1, 921600, 0x6ba26b43
-0, 77, 77, 1, 921600, 0x6ba26b43
0, 78, 78, 1, 921600, 0x4e9ee49e
-0, 79, 79, 1, 921600, 0x4e9ee49e
0, 80, 80, 1, 921600, 0xdb5fd6e7
-0, 81, 81, 1, 921600, 0xdb5fd6e7
-0, 82, 82, 1, 921600, 0xdb5fd6e7
0, 83, 83, 1, 921600, 0x8f2254a5
-0, 84, 84, 1, 921600, 0x8f2254a5
-0, 85, 85, 1, 921600, 0x8f2254a5
-0, 86, 86, 1, 921600, 0x8f2254a5
-0, 87, 87, 1, 921600, 0x8f2254a5
-0, 88, 88, 1, 921600, 0x8f2254a5
-0, 89, 89, 1, 921600, 0x8f2254a5
-0, 90, 90, 1, 921600, 0x8f2254a5
-0, 91, 91, 1, 921600, 0x8f2254a5
-0, 92, 92, 1, 921600, 0x8f2254a5
0, 93, 93, 1, 921600, 0x57e95c32
-0, 94, 94, 1, 921600, 0x57e95c32
0, 95, 95, 1, 921600, 0x41627a9b
-0, 96, 96, 1, 921600, 0x41627a9b
-0, 97, 97, 1, 921600, 0x41627a9b
0, 98, 98, 1, 921600, 0x7412dcee
-0, 99, 99, 1, 921600, 0x7412dcee
0, 100, 100, 1, 921600, 0xaebe10ed
-0, 101, 101, 1, 921600, 0xaebe10ed
-0, 102, 102, 1, 921600, 0xaebe10ed
0, 103, 103, 1, 921600, 0x411a91f6
-0, 104, 104, 1, 921600, 0x411a91f6
0, 105, 105, 1, 921600, 0xb059df3f
-0, 106, 106, 1, 921600, 0xb059df3f
-0, 107, 107, 1, 921600, 0xb059df3f
0, 108, 108, 1, 921600, 0x4d6f5a77
-0, 109, 109, 1, 921600, 0x4d6f5a77
0, 110, 110, 1, 921600, 0xbbf06df4
-0, 111, 111, 1, 921600, 0xbbf06df4
-0, 112, 112, 1, 921600, 0xbbf06df4
0, 113, 113, 1, 921600, 0xe27f7bf6
-0, 114, 114, 1, 921600, 0xe27f7bf6
0, 115, 115, 1, 921600, 0xd7e8360e
-0, 116, 116, 1, 921600, 0xd7e8360e
-0, 117, 117, 1, 921600, 0xd7e8360e
0, 118, 118, 1, 921600, 0x1dd4c344
-0, 119, 119, 1, 921600, 0x1dd4c344
0, 120, 120, 1, 921600, 0x7995a7ce
-0, 121, 121, 1, 921600, 0x7995a7ce
-0, 122, 122, 1, 921600, 0x7995a7ce
0, 123, 123, 1, 921600, 0x2ef3c566
-0, 124, 124, 1, 921600, 0x2ef3c566
0, 125, 125, 1, 921600, 0xf296736e
-0, 126, 126, 1, 921600, 0xf296736e
-0, 127, 127, 1, 921600, 0xf296736e
-0, 128, 128, 1, 921600, 0xf296736e
-0, 129, 129, 1, 921600, 0xf296736e
-0, 130, 130, 1, 921600, 0xf296736e
-0, 131, 131, 1, 921600, 0xf296736e
-0, 132, 132, 1, 921600, 0xf296736e
-0, 133, 133, 1, 921600, 0xf296736e
-0, 134, 134, 1, 921600, 0xf296736e
0, 135, 135, 1, 921600, 0x1a488311
-0, 136, 136, 1, 921600, 0x1a488311
-0, 137, 137, 1, 921600, 0x1a488311
0, 138, 138, 1, 921600, 0x9e28011b
-0, 139, 139, 1, 921600, 0x9e28011b
0, 140, 140, 1, 921600, 0x84d1ea80
-0, 141, 141, 1, 921600, 0x84d1ea80
-0, 142, 142, 1, 921600, 0x84d1ea80
0, 143, 143, 1, 921600, 0x9ed41052
-0, 144, 144, 1, 921600, 0x9ed41052
0, 145, 145, 1, 921600, 0xd4db7206
-0, 146, 146, 1, 921600, 0xd4db7206
-0, 147, 147, 1, 921600, 0xd4db7206
0, 148, 148, 1, 921600, 0x55f695a9
-0, 149, 149, 1, 921600, 0x55f695a9
0, 150, 150, 1, 921600, 0x9d8c667f
-0, 151, 151, 1, 921600, 0x9d8c667f
-0, 152, 152, 1, 921600, 0x9d8c667f
0, 153, 153, 1, 921600, 0x9b6037ec
-0, 154, 154, 1, 921600, 0x9b6037ec
0, 155, 155, 1, 921600, 0x57c5e835
-0, 156, 156, 1, 921600, 0x57c5e835
-0, 157, 157, 1, 921600, 0x57c5e835
0, 158, 158, 1, 921600, 0x476dad89
-0, 159, 159, 1, 921600, 0x476dad89
0, 160, 160, 1, 921600, 0xcfd6ad2b
-0, 161, 161, 1, 921600, 0xcfd6ad2b
-0, 162, 162, 1, 921600, 0xcfd6ad2b
0, 163, 163, 1, 921600, 0x3b372379
-0, 164, 164, 1, 921600, 0x3b372379
0, 165, 165, 1, 921600, 0x36f245f5
-0, 166, 166, 1, 921600, 0x36f245f5
--
2.17.0
More information about the ffmpeg-devel
mailing list