[FFmpeg-devel] [PATCH 1/2] avcodec/msmpeg4dec: Skip frame if it's smaller than 1/8 of the minimal size

Hendrik Leppkes h.leppkes at gmail.com
Wed Nov 28 11:06:12 EET 2018


On Wed, Nov 28, 2018 at 1:54 AM Michael Niedermayer
<michael at niedermayer.cc> wrote:
>
> Fixes: Timeout
> Fixes: 11318/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSMPEG4V1_fuzzer-5710884555456512
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
>  libavcodec/msmpeg4dec.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/libavcodec/msmpeg4dec.c b/libavcodec/msmpeg4dec.c
> index 457a37e745..d278540ec2 100644
> --- a/libavcodec/msmpeg4dec.c
> +++ b/libavcodec/msmpeg4dec.c
> @@ -412,6 +412,9 @@ int ff_msmpeg4_decode_picture_header(MpegEncContext * s)
>  {
>      int code;
>
> +    if (get_bits_left(&s->gb) * 8LL < (s->width+15)/16 * ((s->height+15)/16))
> +        return AVERROR_INVALIDDATA;
> +
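Review bot: the two constants in the new condition (`8LL` and the `(x+15)/16` terms) carry the whole argument but are not explained anywhere in the hunk. A short comment above the `if` should state what is being compared, i.e. that `(s->width+15)/16 * ((s->height+15)/16)` is the number of macroblocks, that the decoder assumes a valid frame needs at least one bit per macroblock, and that the check rejects input with fewer than 1/8 of that many bits. The commit message should carry the justification for the 1/8 factor as well, since a reader of the log cannot tell whether it is a hard lower bound or a heuristic. Two smaller points: the subject says "Skip frame" but the code returns `AVERROR_INVALIDDATA`, so the frame is treated as an error rather than skipped; wording and behaviour should agree. And the right-hand side stays in `int` arithmetic while the left is promoted by `8LL`; if the intent is to avoid overflow, apply the same width to both sides or note why the macroblock count cannot overflow.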

Please add a comment to such lines why these magic values were
chosen, and an explanation in the commit message that explains the
proof that these are an absolute limit and no valid frame could ever
be smaller would be appreciated.

- Hendrik
