virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-07-11 14:30:22 +02:00
Code Issues Releases Activity

avcodec/golomb: Consume invalid data in get_ur_golomb_jpegls()

Browse Source 
Fixes slow loops on fuzzed data
Fixes: 245/fuzz-3-ffmpeg_AUDIO_AV_CODEC_ID_FLAC_fuzzer

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2016-12-08 01:46:26 +01:00
parent 445204cd57
commit 3ab1311aba
1 changed files with 10 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
libavcodec/golomb.h
View File

@ -325,8 +325,10 @@ static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit,
} else { } else {
int i; int i;
for (i = 0; i < limit && SHOW_UBITS(re, gb, 1) == 0; i++) { for (i = 0; i < limit && SHOW_UBITS(re, gb, 1) == 0; i++) {
if (gb->size_in_bits <= re_index) if (gb->size_in_bits <= re_index) {
CLOSE_READER(re, gb);
return -1; return -1;
}
LAST_SKIP_BITS(re, gb, 1); LAST_SKIP_BITS(re, gb, 1);
UPDATE_CACHE(re, gb); UPDATE_CACHE(re, gb);
} }
@ -348,16 +350,17 @@ static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit,
buf = 0; buf = 0;
} }
CLOSE_READER(re, gb); buf += (i << k);
return buf + (i << k);
} else if (i == limit - 1) { } else if (i == limit - 1) {
buf = SHOW_UBITS(re, gb, esc_len); buf = SHOW_UBITS(re, gb, esc_len);
LAST_SKIP_BITS(re, gb, esc_len); LAST_SKIP_BITS(re, gb, esc_len);
CLOSE_READER(re, gb);
return buf + 1; buf ++;
} else } else {
return -1; buf = -1;
}
CLOSE_READER(re, gb);
return buf;
} }
} }