strukturag / libheif

libheif is an HEIF and AVIF file format decoder and encoder.

oss-fuzz reports that libheif is taking too long #1335

Open bobfriesenhahn opened 3 hours ago

bobfriesenhahn commented 3 hours ago

Via oss-fuzz testing of GraphicsMagick, oss-fuzz has detected what seems like a regression in libheif. Using the rather dated libheif provided with Ubuntu 22.04 LTS, libheif immediately reports "Invalid input: No 'meta' box".

The oss-fuzz issue id is 372815422, and will eventually be visible to all at graphicsmagick:coder_HEIF_fuzzer: Timeout in coder_HEIF_fuzzer.

This is the input file which provokes the issue (with .jpg added to the file name to allow upload here):

clusterfuzz-testcase-minimized-coder_HEIF_fuzzer-5102237891756032 avif

farindk commented 2 hours ago

This apparently was fixed already with 365c08dff.

farindk commented 2 hours ago

And I've added another fix that does not depend on the security limit settings: 7babe2731dc

bobfriesenhahn commented 19 minutes ago

I can close this when oss-fuzz reports that the issue is gone in a few days.