[FFmpeg-devel] [PATCH v2] avcodec/mv30: Check the input length before allocation

Michael Niedermayer michael at niedermayer.cc
Thu Aug 10 18:46:01 EEST 2023


On Thu, Aug 10, 2023 at 12:12:51PM +0200, Paul B Mahol wrote:
> On Thu, Aug 10, 2023 at 11:34 AM Michael Niedermayer <michael at niedermayer.cc>
> wrote:
> 
> > On Wed, Aug 09, 2023 at 11:20:43PM +0200, Paul B Mahol wrote:
> > > On Wed, Aug 9, 2023 at 9:30 PM Michael Niedermayer <
> > michael at niedermayer.cc>
> > > wrote:
> > >
> > > > Hi Paul
> > > >
> > > > On Wed, Aug 09, 2023 at 08:53:03PM +0200, Paul B Mahol wrote:
> > > > > This is not correct, and please stop writing such patches. Thanks.
> > > >
> > > > If there is a problem in the bugfix, please explain what the problem
> > is.
> > > > If you do not like the specific fix, you can fix it differently too or
> > > > tell me what you prefer.
> > > > Simply saying "no" with no explanation repeatedly is rude
> > > >
> > >
> > > Patch breaks valid files.
> >
> > Does the patch break files you create intentionally or files
> > pre-existing?
> > The check can fail if 2 data segments overlap, one can craft
> > a file with that. The previous patches are implemented differently
> > and don't have that behavior, you rejected them too and at the time
> > you did call them "hacky" and did not mention that they break anything
> > and also ignored all further questions
> >
> > I just implemented this one differently as the other way was rejected
> > by you with no comment
> >
> > Also please provide the files this breaks so the issue can be
> > fixed
> >
> >
> Why not same thing for AV1 codec?
> Just reduce max resolutions for mv30 to 32x32 and be done.

Limiting the resolution to max 32x32 would break real samples,
for example V-codecs/mv30.avi

If you suggest to limit it only for the fuzzer, well, that would not
fix the timeout outside the fuzzer.
For some decoders limiting the resolution in the fuzzer is the only practical
option. But for mv30 this timeout really occurs because the input is not
checked/validated.

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

In a rich man's house there is no place to spit but his face.
-- Diogenes of Sinope