[FFmpeg-devel] [PATCH 2/3] avcodec/wcmv: Copy/Init frame later
Michael Niedermayer
michael at niedermayer.cc
Tue Feb 19 22:09:23 EET 2019
Speeds up error cases
Fixes: 13132/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WCMV_fuzzer-5664190616829952
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/wcmv.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/libavcodec/wcmv.c b/libavcodec/wcmv.c
index ebd5ef66f4..f03761b343 100644
--- a/libavcodec/wcmv.c
+++ b/libavcodec/wcmv.c
@@ -60,16 +60,6 @@ static int decode_frame(AVCodecContext *avctx,
if ((ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF)) < 0)
return ret;
- if (s->prev_frame->data[0]) {
- ret = av_frame_copy(frame, s->prev_frame);
- if (ret < 0)
- return ret;
- } else {
- ptrdiff_t linesize[4] = { frame->linesize[0], 0, 0, 0 };
- av_image_fill_black(frame->data, linesize, avctx->pix_fmt, 0,
- avctx->width, avctx->height);
- }
-
blocks = bytestream2_get_le16(&gb);
if (blocks > 5) {
GetByteContext bgb;
@@ -162,6 +152,16 @@ static int decode_frame(AVCodecContext *avctx,
bytestream2_seek(&gb, 2, SEEK_SET);
}
+ if (s->prev_frame->data[0]) {
+ ret = av_frame_copy(frame, s->prev_frame);
+ if (ret < 0)
+ return ret;
+ } else {
+ ptrdiff_t linesize[4] = { frame->linesize[0], 0, 0, 0 };
+ av_image_fill_black(frame->data, linesize, avctx->pix_fmt, 0,
+ avctx->width, avctx->height);
+ }
+
for (int block = 0; block < blocks; block++) {
int x, y, w, h;
--
2.20.1
More information about the ffmpeg-devel
mailing list