mirror of https://git.ffmpeg.org/ffmpeg.git
avcodec/hdrdec: Update w in inner loop of decompress()
Fixes: out of array access Fixes: 50936/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HDR_fuzzer-5423041009549312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
parent
3993345f91
commit
14e99cb472
|
@ -70,8 +70,8 @@ static int decompress(uint8_t *scanline, int w, GetByteContext *gb, const uint8_
|
||||||
for (int i = run << rshift; i > 0 && w > 0 && scanline >= start + 4; i--) {
|
for (int i = run << rshift; i > 0 && w > 0 && scanline >= start + 4; i--) {
|
||||||
memcpy(scanline, scanline - 4, 4);
|
memcpy(scanline, scanline - 4, 4);
|
||||||
scanline += 4;
|
scanline += 4;
|
||||||
|
w -= 4;
|
||||||
}
|
}
|
||||||
w -= run << rshift;
|
|
||||||
rshift += 8;
|
rshift += 8;
|
||||||
if (rshift > 16)
|
if (rshift > 16)
|
||||||
break;
|
break;
|
||||||
|
|
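Review bot: The added `w -= 4;` inside the copy loop counts w in a different unit from the line it replaces: `w -= run << rshift;` took one off w per 4-byte copy, while the new line takes four. Re-checking `w > 0` with an up-to-date w on every iteration is what bounds the `memcpy` writes, so the out-of-array write is closed either way; but if w is a pixel count rather than a byte count (the caller and the non-run branch are outside this hunk, so this is unconfirmed), a run now stops after a quarter of the remaining width and the tail of the scanline may be left unwritten. In that case `w--;` keeps the old accounting; otherwise a comment on the loop such as `/* w: remaining output, in bytes */` would settle the unit for the next reader. decompress() starts and ends outside the hunk.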