mirror of
				https://github.com/nyanmisaka/ffmpeg-rockchip.git
				synced 2025-10-26 18:30:52 +08:00 
			
		
		
		
	 1ab0f83b0a
			
		
	
	1ab0f83b0a
	
	
	
		
			
			Fixes: out of array access Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WBMP_fuzzer-6652634692190208 Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WBMP_fuzzer-6653703453278208 Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WBMP_fuzzer-6668020758216704 Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WBMP_fuzzer-6684749875249152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
		
			
				
	
	
		
			93 lines
		
	
	
		
			2.7 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			93 lines
		
	
	
		
			2.7 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /*
 | |
|  * WBMP (Wireless Application Protocol Bitmap) image
 | |
|  *
 | |
|  * This file is part of FFmpeg.
 | |
|  *
 | |
|  * FFmpeg is free software; you can redistribute it and/or
 | |
|  * modify it under the terms of the GNU Lesser General Public
 | |
|  * License as published by the Free Software Foundation; either
 | |
|  * version 2.1 of the License, or (at your option) any later version.
 | |
|  *
 | |
|  * FFmpeg is distributed in the hope that it will be useful,
 | |
|  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 | |
|  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 | |
|  * Lesser General Public License for more details.
 | |
|  *
 | |
|  * You should have received a copy of the GNU Lesser General Public
 | |
|  * License along with FFmpeg; if not, write to the Free Software
 | |
|  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 | |
|  */
 | |
| 
 | |
| #include "avcodec.h"
 | |
| #include "bytestream.h"
 | |
| #include "codec_internal.h"
 | |
| #include "decode.h"
 | |
| #include "thread.h"
 | |
| 
 | |
| static unsigned int getv(GetByteContext * gb)
 | |
| {
 | |
|     int i;
 | |
|     unsigned int v = 0;
 | |
| 
 | |
|     do {
 | |
|         i = bytestream2_get_byte(gb);
 | |
|         v = (v << 7) | (i & 0x7F);
 | |
|     } while (i & 0x80);
 | |
|     return v;
 | |
| }
 | |
| 
 | |
| static void readbits(uint8_t * dst, int width, int height, int linesize, const uint8_t * src, int size)
 | |
| {
 | |
|     int wpad = (width + 7) / 8;
 | |
|     for (int j = 0; j < height && size > 0; j++) {
 | |
|         memcpy(dst, src, FFMIN(wpad, size));
 | |
|         src += wpad;
 | |
|         size -= wpad;
 | |
|         dst += linesize;
 | |
|     }
 | |
| }
 | |
| 
 | |
| static int wbmp_decode_frame(AVCodecContext *avctx, AVFrame *p,
 | |
|                             int *got_frame, AVPacket *avpkt)
 | |
| {
 | |
|     const uint8_t *buf = avpkt->data;
 | |
|     int buf_size = avpkt->size, width, height, ret;
 | |
|     GetByteContext gb;
 | |
| 
 | |
|     bytestream2_init(&gb, buf, buf_size);
 | |
| 
 | |
|     if (getv(&gb))
 | |
|         return AVERROR_INVALIDDATA;
 | |
|     bytestream2_skip(&gb, 1);
 | |
|     width = getv(&gb);
 | |
|     height = getv(&gb);
 | |
| 
 | |
|     if ((ret = ff_set_dimensions(avctx, width, height)) < 0)
 | |
|         return ret;
 | |
| 
 | |
|     avctx->pix_fmt = AV_PIX_FMT_MONOBLACK;
 | |
|     if ((ret = ff_thread_get_buffer(avctx, p, 0)) < 0)
 | |
|         return ret;
 | |
| 
 | |
|     if (p->linesize[0] == (width + 7) / 8)
 | |
|         bytestream2_get_buffer(&gb, p->data[0], height * ((width + 7) / 8));
 | |
|     else
 | |
|         readbits(p->data[0], width, height, p->linesize[0], gb.buffer, gb.buffer_end - gb.buffer);
 | |
| 
 | |
|     p->key_frame = 1;
 | |
|     p->pict_type = AV_PICTURE_TYPE_I;
 | |
| 
 | |
|     *got_frame   = 1;
 | |
| 
 | |
|     return buf_size;
 | |
| }
 | |
| 
 | |
| const FFCodec ff_wbmp_decoder = {
 | |
|     .p.name         = "wbmp",
 | |
|     CODEC_LONG_NAME("WBMP (Wireless Application Protocol Bitmap) image"),
 | |
|     .p.type         = AVMEDIA_TYPE_VIDEO,
 | |
|     .p.id           = AV_CODEC_ID_WBMP,
 | |
|     .p.capabilities = AV_CODEC_CAP_DR1 | AV_CODEC_CAP_FRAME_THREADS,
 | |
|     FF_CODEC_DECODE_CB(wbmp_decode_frame),
 | |
| };
 |