Commit 3ab1311a authored by Michael Niedermayer's avatar Michael Niedermayer

avcodec/golomb: Consume invalid data in get_ur_golomb_jpegls()

Fixes slow loops on fuzzed data
Fixes: 245/fuzz-3-ffmpeg_AUDIO_AV_CODEC_ID_FLAC_fuzzer

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg


Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
parent 445204cd
...@@ -325,8 +325,10 @@ static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit, ...@@ -325,8 +325,10 @@ static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit,
} else { } else {
int i; int i;
for (i = 0; i < limit && SHOW_UBITS(re, gb, 1) == 0; i++) { for (i = 0; i < limit && SHOW_UBITS(re, gb, 1) == 0; i++) {
if (gb->size_in_bits <= re_index) if (gb->size_in_bits <= re_index) {
CLOSE_READER(re, gb);
return -1; return -1;
}
LAST_SKIP_BITS(re, gb, 1); LAST_SKIP_BITS(re, gb, 1);
UPDATE_CACHE(re, gb); UPDATE_CACHE(re, gb);
} }
...@@ -348,16 +350,17 @@ static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit, ...@@ -348,16 +350,17 @@ static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit,
buf = 0; buf = 0;
} }
CLOSE_READER(re, gb); buf += (i << k);
return buf + (i << k);
} else if (i == limit - 1) { } else if (i == limit - 1) {
buf = SHOW_UBITS(re, gb, esc_len); buf = SHOW_UBITS(re, gb, esc_len);
LAST_SKIP_BITS(re, gb, esc_len); LAST_SKIP_BITS(re, gb, esc_len);
CLOSE_READER(re, gb);
return buf + 1; buf ++;
} else } else {
return -1; buf = -1;
}
CLOSE_READER(re, gb);
return buf;
} }
} }
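Review bot: The rewritten `buf += (i << k);` in the second hunk still evaluates the shift in signed `int` (`i` is declared `int i;` in the first hunk and `k` is an `int` parameter), so on fuzzed input a large prefix count combined with a large `k` can overflow, which is undefined behaviour rather than a wrapped value. Since this commit is already hardening the function against invalid data, I would do the shift in unsigned arithmetic, `buf += ((unsigned)i << k);`, and put a short comment above the final `CLOSE_READER(re, gb);` stating that the reader position is stored on every path, including the `-1` one, so that callers looping on this function always make progress. The declaration of `buf` and the bounds callers place on `k` and `limit` are outside the hunks, so whether the overflow is actually reachable should be confirmed there.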
......