RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

avcodec/clearvideo: Check buf_size before decoding frame 

Fixes; Timeout
Fixes: 1826/clusterfuzz-testcase-minimized-5728569256837120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2017-05-26 01:37:14 +02:00
parent 8e87d146d7
commit 43c394dcae
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libavcodec/clearvideo.c
View File

@ -297,6 +297,11 @@ static int clv_decode_frame(AVCodecContext *avctx, void *data,
c->pic->pict_type = frame_type & 0x20 ? AV_PICTURE_TYPE_I : AV_PICTURE_TYPE_P;
if (frame_type & 0x2) {
if (buf_size < c->mb_width * c->mb_height) {
av_log(avctx, AV_LOG_ERROR, "Packet too small\n");
return AVERROR_INVALIDDATA;
}
bytestream2_get_be32(&gb); // frame size;
c->ac_quant = bytestream2_get_byte(&gb);
c->luma_dc_quant = 32;