avcodec/smcenc: make sure ny/nx are >= 0

(cherry picked from commit 5ad38785e7ad4067a288e9d5e8ce2c4ed2bf584a)

Fixes: out of array read
Fixes: 68939/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMC_fuzzer-587804104884224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Paul B Mahol 2024-06-18 09:41:37 +02:00 committed by Michael Niedermayer
parent 4a7220bd5c
commit c22488f718
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64
1 changed files with 2 additions and 2 deletions


@ -184,8 +184,8 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
const ptrdiff_t offset = xpixel_ptr - src_pixels; const ptrdiff_t offset = xpixel_ptr - src_pixels;
const int sy = offset / stride; const int sy = offset / stride;
const int sx = offset % stride; const int sx = offset % stride;
const int ny = sx < 4 ? sy - 4 : sy; const int ny = sx < 4 ? FFMAX(sy - 4, 0) : sy;
const int nx = sx < 4 ? width - 4 + (width & 3) : sx - 4; const int nx = sx < 4 ? FFMAX(width - 4 + (width & 3), 0) : sx - 4;
const uint8_t *old_pixel_ptr = src_pixels + nx + ny * stride; const uint8_t *old_pixel_ptr = src_pixels + nx + ny * stride;
int compare = 0; int compare = 0;
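Review bot: The two `FFMAX(..., 0)` clamps on `ny` and `nx` only close the lower bound; nothing in these lines limits the upper side, so whether the read through `old_pixel_ptr` stays inside the frame still depends on code outside the hunk. For a width of 3, for example, `width - 4 + (width & 3)` evaluates to `nx = 2`, and if the comparison that follows reads a full 4-pixel row it would run past `width`. The clamp also changes which block is referenced: with `sx < 4` and `sy < 4`, `ny` becomes 0 and `old_pixel_ptr` lands on a block later in the same first row rather than on a previously encoded one, so a match there may not mean what the surrounding repeat logic assumes. I would document this above the two lines, e.g. `/* no previous block exists in the first block row; the clamp only keeps the read in bounds, the loop condition must exclude that case */`, and confirm the upper bound is covered where the pixels are compared. The enclosing loop in `smc_encode_stream` starts and ends outside the hunk.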