diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2024-03-20 23:48:24 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2024-07-16 18:43:15 +0200 |
| commit | 664fbfb9ac55b1714aa4a9804007617393ac7783 (patch) | |
| tree | a0fec629c6dd8db3a5c5141e762e077eaf9000a7 | |
| parent | b248dace929e97b10de17663caab32fbb1c42f0f (diff) | |
| download | ffmpeg-664fbfb9ac55b1714aa4a9804007617393ac7783.tar.gz | |
avcodec/mscc: move frame allocates to later
Fixes: Timeout
Fixes: 66964/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SRGC_fuzzer-5413170363564032
Fixes: 69373/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSCC_fuzzer-5239787748392960
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| -rw-r--r-- | libavcodec/mscc.c | 43 |
1 files changed, 21 insertions, 22 deletions
diff --git a/libavcodec/mscc.c b/libavcodec/mscc.c index 2d6f6265bf..6d57f1b622 100644 --- a/libavcodec/mscc.c +++ b/libavcodec/mscc.c @@ -149,28 +149,6 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame, if (avpkt->size < 3) return buf_size; - if ((ret = ff_get_buffer(avctx, frame, 0)) < 0) - return ret; - - if (avctx->pix_fmt == AV_PIX_FMT_PAL8) { - size_t size; - const uint8_t *pal = av_packet_get_side_data(avpkt, AV_PKT_DATA_PALETTE, &size); - - if (pal && size == AVPALETTE_SIZE) { -#if FF_API_PALETTE_HAS_CHANGED -FF_DISABLE_DEPRECATION_WARNINGS - frame->palette_has_changed = 1; -FF_ENABLE_DEPRECATION_WARNINGS -#endif - for (j = 0; j < 256; j++) - s->pal[j] = 0xFF000000 | AV_RL32(pal + j * 4); - } else if (pal) { - av_log(avctx, AV_LOG_ERROR, - "Palette size %"SIZE_SPECIFIER" is wrong\n", size); - } - memcpy(frame->data[1], s->pal, AVPALETTE_SIZE); - } - ret = inflateReset(zstream); if (ret != Z_OK) { av_log(avctx, AV_LOG_ERROR, "Inflate reset error: %d\n", ret); @@ -198,6 +176,27 @@ inflate_error: av_log(avctx, AV_LOG_ERROR, "Inflate error: %d\n", ret); return AVERROR_UNKNOWN; } + if ((ret = ff_get_buffer(avctx, frame, 0)) < 0) + return ret; + + if (avctx->pix_fmt == AV_PIX_FMT_PAL8) { + size_t size; + const uint8_t *pal = av_packet_get_side_data(avpkt, AV_PKT_DATA_PALETTE, &size); + + if (pal && size == AVPALETTE_SIZE) { +#if FF_API_PALETTE_HAS_CHANGED +FF_DISABLE_DEPRECATION_WARNINGS + frame->palette_has_changed = 1; +FF_ENABLE_DEPRECATION_WARNINGS +#endif + for (j = 0; j < 256; j++) + s->pal[j] = 0xFF000000 | AV_RL32(pal + j * 4); + } else if (pal) { + av_log(avctx, AV_LOG_ERROR, + "Palette size %"SIZE_SPECIFIER" is wrong\n", size); + } + memcpy(frame->data[1], s->pal, AVPALETTE_SIZE); + } bytestream2_init(&gb, s->decomp_buf, zstream->total_out); bytestream2_init_writer(&pb, s->uncomp_buf, s->uncomp_size); |