[FFmpeg-devel] [PATCH 2/4] tools/target_dec_fuzzer: Do not test AV_CODEC_FLAG2_FAST with AV_CODEC_ID_H264
Michael Niedermayer
michael at niedermayer.cc
Thu May 28 15:41:00 EEST 2020
On Thu, May 28, 2020 at 02:23:34PM +0200, Michael Niedermayer wrote:
> On Thu, May 28, 2020 at 11:14:15AM +0200, Jean-Baptiste Kempf wrote:
> > On Thu, May 28, 2020, at 00:08, Kieran Kunhya wrote:
> > > On Wed, 27 May 2020 at 22:53, Michael Niedermayer <michael at niedermayer.cc>
> > > wrote:
> > >
> > > > On Sun, Mar 15, 2020 at 10:20:56PM +0100, Michael Niedermayer wrote:
> > > > > This combination skips allocating large padding which can read out of
> > > > array
> > > > >
> > > > > Fixes:
> > > > 20978/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5746381832847360
> > > > >
> > > > > Found-by: continuous fuzzing process
> > > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > > > > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > > > > ---
> > > > > tools/target_dec_fuzzer.c | 2 +-
> > > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > > will apply
> > > >
> > >
> > > Shouldn't there be warnings about FAST mode if it causes security issues?
> >
> > I agree here.
> > Either we fix FAST mode, or it must come with important warnings.
>
> I suggest to add a AV_CODEC_FLAG2_FAST_UNSAFE and split the current
> uses of the flag up between the 2
>
> will submit a patch doing that unless i hear objections / a better
> suggestion.
ill also disable the use that this would move in master to unsafe,
in release branches
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
He who knows, does not speak. He who speaks, does not know. -- Lao Tsu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20200528/b5455151/attachment.sig>
More information about the ffmpeg-devel
mailing list