RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

avcodec/mobiclip: Check input size before (re)allocation 

Fixes: Timeout
Fixes: 52566/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-4913160050311168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2022-11-18 20:54:12 +01:00
parent a798af91d7
commit 93810a625c
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libavcodec/mobiclip.c
View File

@ -1216,6 +1216,9 @@ static int mobiclip_decode(AVCodecContext *avctx, AVFrame *rframe,
AVFrame *frame = s->pic[s->current_pic];
int ret;
if (avctx->height/16 * (avctx->width/16) * 2 > 8LL*FFALIGN(pkt->size, 2))
return AVERROR_INVALIDDATA;
av_fast_padded_malloc(&s->bitstream, &s->bitstream_size,
pkt->size);