mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2025-01-03 05:10:03 +02:00
avcodec/vp3: Do not initialize unused tables for keyframes in unpack_superblock()
Fixes: Timeout (139sec -> 102sec) Fixes: 9642/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP3_fuzzer-6676767875006464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
parent
7e1add2c51
commit
88e3807aaf
@ -544,8 +544,21 @@ static int unpack_superblocks(Vp3DecodeContext *s, GetBitContext *gb)
|
||||
: s->y_superblock_count);
|
||||
int num_coded_frags = 0;
|
||||
|
||||
if (s->keyframe) {
|
||||
for (i = sb_start; i < sb_end; i++) {
|
||||
/* iterate through all 16 fragments in a superblock */
|
||||
for (j = 0; j < 16; j++) {
|
||||
/* if the fragment is in bounds, check its coding status */
|
||||
current_fragment = s->superblock_fragments[i * 16 + j];
|
||||
if (current_fragment != -1) {
|
||||
s->coded_fragment_list[plane][num_coded_frags++] =
|
||||
current_fragment;
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
for (i = sb_start; i < sb_end && get_bits_left(gb) > 0; i++) {
|
||||
if (s->keyframe == 0 && get_bits_left(gb) < plane0_num_coded_frags >> 2) {
|
||||
if (get_bits_left(gb) < plane0_num_coded_frags >> 2) {
|
||||
return AVERROR_INVALIDDATA;
|
||||
}
|
||||
/* iterate through all 16 fragments in a superblock */
|
||||
@ -580,6 +593,7 @@ static int unpack_superblocks(Vp3DecodeContext *s, GetBitContext *gb)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!plane)
|
||||
plane0_num_coded_frags = num_coded_frags;
|
||||
s->total_num_coded_frags += num_coded_frags;
|
||||
|
Loading…
Reference in New Issue
Block a user