From 3d8d3729475c7dce52d8fb9ffb280fd2ea62e1a2 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Wed, 10 May 2017 14:33:27 +0200
Subject: [PATCH] avcodec/y41pdec: Fix width in input buffer size check

Fixes: out of array read
Fixes: 1437/clusterfuzz-testcase-minimized-4569970002362368
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavcodec/y41pdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/y41pdec.c b/libavcodec/y41pdec.c
index 1b177d4262..85a39e4ae2 100644
--- a/libavcodec/y41pdec.c
+++ b/libavcodec/y41pdec.c
@@ -43,7 +43,7 @@ static int y41p_decode_frame(AVCodecContext *avctx, void *data,
 uint8_t *y, *u, *v;
 int i, j, ret;
 
- if (avpkt->size < 3LL * avctx->height * avctx->width / 2) {
+ if (avpkt->size < 3LL * avctx->height * FFALIGN(avctx->width, 8) / 2) {
 av_log(avctx, AV_LOG_ERROR, "Insufficient input data.\n");
 return AVERROR(EINVAL);
 }
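Review bot: The bound in the new `if` hardcodes the alignment 8 and the 3/2 bytes-per-pixel factor with nothing tying them to the loop that reads `avpkt->data`, which lies outside this hunk, so a later change to that loop's stride could silently bring back the over-read this commit fixes. Since this check is the only visible guard on the packet size, a comment above it would help, for example `/* input is consumed in whole 8-pixel groups (presumably 12 bytes each) per row, so bound on the padded width */`. Note also that `FFALIGN(avctx->width, 8)` is evaluated in `int` before the `3LL` promotion applies, so the expression relies on `avctx->width` having been range-checked elsewhere; that is worth confirming. `y41p_decode_frame` begins and ends outside the hunk, so the read loop itself could not be checked against the new bound here.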