From a560bdeaccd91b3e368342acff4770d874276c4c Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Fri, 24 Feb 2017 21:05:33 +0100
Subject: [PATCH] avcodec/vp56: Fix sign typo
Fixes: 664/clusterfuzz-testcase-4917047475568640
The change to fate is due to a truncated last frames which is now detected as damaged.
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 513a3494396d0a20233273b3cadcb5ee86485d5c)
Signed-off-by: Michael Niedermayer
---
 libavcodec/vp5.c | 2 +-
 libavcodec/vp6.c | 2 +-
 tests/ref/fate/vp5 | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/libavcodec/vp5.c b/libavcodec/vp5.c
index 5a5cbab9a8..0c28157ab0 100644
--- a/libavcodec/vp5.c
+++ b/libavcodec/vp5.c
@@ -181,7 +181,7 @@ static int vp5_parse_coeff(VP56Context *s)
 int b, i, cg, idx, ctx, ctx_last;
 int pt = 0; /* plane type (0 for Y, 1 for U or V) */
- if (c->end >= c->buffer && c->bits >= 0) {
+ if (c->end <= c->buffer && c->bits >= 0) {
 av_log(s->avctx, AV_LOG_ERROR, "End of AC stream reached in vp5_parse_coeff\n");
 return AVERROR_INVALIDDATA;
 }
diff --git a/libavcodec/vp6.c b/libavcodec/vp6.c
index 1d5682b50a..b3f6a5c3ce 100644
--- a/libavcodec/vp6.c
+++ b/libavcodec/vp6.c
@@ -450,7 +450,7 @@ static int vp6_parse_coeff(VP56Context *s)
 int b, i, cg, idx, ctx;
 int pt = 0; /* plane type (0 for Y, 1 for U or V) */
- if (c->end >= c->buffer && c->bits >= 0) {
+ if (c->end <= c->buffer && c->bits >= 0) {
 av_log(s->avctx, AV_LOG_ERROR, "End of AC stream reached in vp6_parse_coeff\n");
 return AVERROR_INVALIDDATA;
 }
diff --git a/tests/ref/fate/vp5 b/tests/ref/fate/vp5
index 0e601ba811..25bc7aa587 100644
--- a/tests/ref/fate/vp5
+++ b/tests/ref/fate/vp5
@@ -245,4 +245,4 @@
 0, 243, 243, 1, 233472, 0x6f530ac6
 0, 244, 244, 1, 233472, 0x94f7466c
 0, 245, 245, 1, 233472, 0xa8c1d365
-0, 246, 246, 1, 233472, 0xedcff050
+0, 246, 246, 1, 233472, 0x8843293b
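Review bot: The end-of-stream guard at the top of vp5_parse_coeff, and the identical one in vp6_parse_coeff in the next hunk, keeps the limit on the left of the comparison (`c->end <= c->buffer`), the form in which the inverted `>=` went unnoticed. Writing it pointer-first, `if (c->buffer >= c->end && c->bits >= 0) {`, with a comment such as `/* input exhausted and the range coder still wants more bits: reject instead of decoding past the end */`, would make the bounds check readable at a glance; the meaning of `c->bits >= 0` is inferred here and should be confirmed against the range coder. Since the two decoders carry the same condition, a single shared helper would keep them from drifting apart again. The guard only runs on entry and both function bodies continue outside the hunks, so whether reads later in the same call are bounded cannot be judged from this patch.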