[FFmpeg-devel] [PATCH] avcodec: validate codec parameters in avcodec_parameters_to_context

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Thu Oct 27 23:43:22 EEST 2016


On 27.10.2016 22:14, Michael Niedermayer wrote:
> On Wed, Oct 26, 2016 at 01:59:59AM +0200, Andreas Cadhalpun wrote:
>> Note that the added asserts are triggered by *many* of my fuzzed samples.
>> I'm happy to write patches for these cases, if we achieve agreement
>> that the central check alone is insufficient.

Have you seen this comment?

>>  utils.c |   82 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
>>  1 file changed, 80 insertions(+), 2 deletions(-)
>> 40a8bafecb6d289a4220a27ac411fbcac3204952  0001-avcodec-validate-codec-parameters.patch
>> From f371be7a027da3958e221b4dc88ad558c1489107 Mon Sep 17 00:00:00 2001
>> From: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> Date: Tue, 25 Oct 2016 01:45:27 +0200
>> Subject: [PATCH] avcodec: validate codec parameters
>>
>> This should reduce the impact of a broken demuxer (or API user) setting bogus
>> codec parameters.
>>
>> The av_assert2 calls should ease detecting broken demuxers.
> 
> Have you tried a fuzzer?
> These assertions fail on fuzzed files.
> 
> Assertion 0 failed at libavcodec/utils.c:4157
> Aborted
> Assertion !((unsigned)par->color_primaries > AVCOL_PRI_NB) failed at libavcodec/utils.c:4161

As noted above, I'm well aware of that.
This just shows how many demuxers currently set bogus values...

Best regards,
Andreas
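
The kind of central range check the thread is debating, as an added example that is not FFmpeg code and not part of the original message: it returns an error for out-of-range values in every build, rather than relying on an assertion that fires only in assert-enabled builds. The `demo_*` names, the enum and the channel limit are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed stand-ins for this example; not FFmpeg's definitions. */
enum demo_primaries { DEMO_PRI_RESERVED0, DEMO_PRI_BT709, DEMO_PRI_UNSPECIFIED, DEMO_PRI_NB };

struct demo_params {
    int color_primaries;  /* enum-like field filled in by a demuxer */
    int channels;
    int sample_rate;
};

/* One cast to unsigned rejects both negative and too-large values.
 * The _NB sentinel itself is treated as out of range (assumption). */
static int enum_in_range(int v, int nb)
{
    return (unsigned)v < (unsigned)nb;
}

/* Central check: returns 0 if usable, -EINVAL otherwise. Unlike an
 * assert, this runs in every build and lets the caller fail cleanly. */
int demo_validate_params(const struct demo_params *par)
{
    if (!enum_in_range(par->color_primaries, DEMO_PRI_NB))
        return -EINVAL;
    if (par->channels < 0 || par->channels > 64)  /* hypothetical limit */
        return -EINVAL;
    if (par->sample_rate < 0)
        return -EINVAL;
    return 0;
}

int main(void)
{
    /* Constructed inputs, as a fuzzed file might produce them. */
    struct demo_params good  = { DEMO_PRI_BT709, 2, 48000 };
    struct demo_params neg   = { -1, 2, 48000 };
    struct demo_params at_nb = { DEMO_PRI_NB, 2, 48000 };
    printf("good=%d neg=%d at_nb=%d\n", demo_validate_params(&good),
           demo_validate_params(&neg), demo_validate_params(&at_nb));
    return 0;
}
```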


