[FFmpeg-devel] [PATCH 3/3] avcodec/cfhd: More strictly check tag order and multiplicity

Michael Niedermayer michael at niedermayer.cc
Sat Apr 3 17:40:13 EEST 2021


On Thu, Apr 01, 2021 at 09:22:23PM +0200, Paul B Mahol wrote:
> Try this attached patch. I have not looked at all samples, as some allocate
> too much memory for my system.
> But this patch points where real bugs are, unlike yours patch which hides
> real bugs even more.

>  cfhd.c |    7 ++++++-
>  cfhd.h |    1 +
>  2 files changed, 7 insertions(+), 1 deletion(-)
> eef066aa3ee9d301ae412809e0ca0bea8cee2c68  0001-avcodec-cfhd-fix-some-crashes-caused-by-excessive-fu.patch
> From fc4abcc0d0058ea8a7cd79ce26bfbcbed4cf5329 Mon Sep 17 00:00:00 2001
> From: Paul B Mahol <onemda at gmail.com>
> Date: Thu, 1 Apr 2021 21:17:17 +0200
> Subject: [PATCH] avcodec/cfhd: fix some crashes caused by excessive fuzzing
> 
> Signed-off-by: Paul B Mahol <onemda at gmail.com>
> ---
>  libavcodec/cfhd.c | 7 ++++++-
>  libavcodec/cfhd.h | 1 +
>  2 files changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/libavcodec/cfhd.c b/libavcodec/cfhd.c
> index 1f2ee853c1..e126eb6ac7 100644
> --- a/libavcodec/cfhd.c
> +++ b/libavcodec/cfhd.c
[...]
> @@ -244,6 +246,7 @@ static int alloc_buffers(AVCodecContext *avctx)
>  
>      if ((ret = ff_set_dimensions(avctx, s->coded_width, s->coded_height)) < 0)
>          return ret;
> +    avctx->coded_width = FFALIGN(s->coded_width, 64) + 256;
>      avctx->pix_fmt = s->coded_format;
>  
>      ff_cfhddsp_init(&s->dsp, s->bpc, avctx->pix_fmt == AV_PIX_FMT_BAYER_RGGB16);
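Review bot: The added line `avctx->coded_width = FFALIGN(s->coded_width, 64) + 256;` silently overwrites the coded_width that ff_set_dimensions() set on the line above, with no comment saying which consumer reads beyond the nominal width or why 64-byte alignment plus 256 pixels is the right margin; please add a comment explaining the padding and consider naming the two constants. Only coded_width is widened while coded_height is left as set, so the comment should also say whether the height is deliberately unpadded.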
[...]
> @@ -665,6 +669,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
>              ret = ff_set_dimensions(avctx, s->coded_width, s->coded_height);
>              if (ret < 0)
>                  return ret;
> +            avctx->coded_width = FFALIGN(s->coded_width, 64) + 256;
>              if (s->cropped_height) {
>                  unsigned height = s->cropped_height << (avctx->pix_fmt == AV_PIX_FMT_BAYER_RGGB16);
>                  if (avctx->height < height)
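Review bot: This is a second verbatim copy of `avctx->coded_width = FFALIGN(s->coded_width, 64) + 256;` following a ff_set_dimensions() call; factoring it into one small helper next to ff_set_dimensions() would keep the alloc_buffers() and cfhd_decode() paths from drifting apart. In both places the widened value is stored after ff_set_dimensions() has returned, so whatever validation that call performed was done on the unpadded s->coded_width; either check the padded result as well or document why adding 256 cannot overflow for any accepted coded_width.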

Please document why coded_width has this extra alignment and padding added.
Also, if these are still needed after the patchset I just posted, then please
apply.

thanks

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Good people do not need laws to tell them to act responsibly, while bad
people will find a way around the laws. -- Plato