[FFmpeg-devel] [PATCH 2/2] avcodec/pnm_parser: Remember the size of the image and do not reparse the header
Michael Niedermayer
michael at niedermayer.cc
Sat Apr 27 23:38:56 EEST 2019
On Sat, Apr 27, 2019 at 03:25:42PM +0200, Paul B Mahol wrote:
> On 4/24/19, Michael Niedermayer <michael at niedermayer.cc> wrote:
> > Fixes: Timeout (11sec -> 60ms)
> > Fixes:
> > 14270/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PAM_fuzzer-5734809634078720
> >
> > Found-by: continuous fuzzing process
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> > libavcodec/pnm_parser.c | 29 +++++++++++++++++++++++------
> > 1 file changed, 23 insertions(+), 6 deletions(-)
> >
> > diff --git a/libavcodec/pnm_parser.c b/libavcodec/pnm_parser.c
> > index 95241c30b3..210a8a048e 100644
> > --- a/libavcodec/pnm_parser.c
> > +++ b/libavcodec/pnm_parser.c
> > @@ -24,19 +24,35 @@
> > #include "parser.h" //for ParseContext
> > #include "pnm.h"
> >
> > +typedef struct PNMParseContext {
> > + ParseContext pc;
> > + int remaining_bytes;
> > +}PNMParseContext;
> >
> > static int pnm_parse(AVCodecParserContext *s, AVCodecContext *avctx,
> > const uint8_t **poutbuf, int *poutbuf_size,
> > const uint8_t *buf, int buf_size)
> > {
> > - ParseContext *pc = s->priv_data;
> > + PNMParseContext *pnmpc = s->priv_data;
> > + ParseContext *pc = &pnmpc->pc;
> > PNMContext pnmctx;
> > - int next;
> > + int next = END_NOT_FOUND;
> > int skip = 0;
> >
> > for (; pc->overread > 0; pc->overread--) {
> > pc->buffer[pc->index++]= pc->buffer[pc->overread_index++];
> > }
> > +
> > + if (pnmpc->remaining_bytes) {
> > + int inc = FFMIN(pnmpc->remaining_bytes, buf_size);
> > + skip += inc;
> > + pnmpc->remaining_bytes -= inc;
> > +
> > + if (!pnmpc->remaining_bytes)
> > + next = skip;
> > + goto end;
> > + }
> > +
> > retry:
> > if (pc->index) {
> > pnmctx.bytestream_start =
> > @@ -47,7 +63,6 @@ retry:
> > pnmctx.bytestream = (uint8_t *) buf + skip; /* casts avoid
> > warnings */
> > pnmctx.bytestream_end = (uint8_t *) buf + buf_size - skip;
> > }
> > - next = END_NOT_FOUND;
> > if (ff_pnm_decode_header(avctx, &pnmctx) < 0) {
> > if (pnmctx.bytestream < pnmctx.bytestream_end) {
> > if (pc->index) {
> > @@ -79,9 +94,11 @@ retry:
> > }
> > if (next != END_NOT_FOUND && pnmctx.bytestream_start != buf + skip)
> > next -= pc->index;
> > - if (next > buf_size)
> > + if (next > buf_size) {
> > + pnmpc->remaining_bytes = next - buf_size;
> > next = END_NOT_FOUND;
> > -
> > + }
> > +end:
> > if (ff_combine_frame(pc, next, &buf, &buf_size) < 0) {
> > *poutbuf = NULL;
> > *poutbuf_size = 0;
> > @@ -95,7 +112,7 @@ retry:
> > AVCodecParser ff_pnm_parser = {
> > .codec_ids = { AV_CODEC_ID_PGM, AV_CODEC_ID_PGMYUV,
> > AV_CODEC_ID_PPM,
> > AV_CODEC_ID_PBM, AV_CODEC_ID_PAM },
> > - .priv_data_size = sizeof(ParseContext),
> > + .priv_data_size = sizeof(PNMParseContext),
> > .parser_parse = pnm_parse,
> > .parser_close = ff_parse_close,
> > };
> > --
> > 2.21.0
> >
> > _______________________________________________
> > ffmpeg-devel mailing list
> > ffmpeg-devel at ffmpeg.org
> > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >
> > To unsubscribe, visit link above, or email
> > ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
>
> LGTM
will apply
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
The worst form of inequality is to try to make unequal things equal.
-- Aristotle
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20190427/2bd4e3cd/attachment.sig>
More information about the ffmpeg-devel
mailing list