From cfec0d64752509f8ac798acca6225df630fa5284 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Wed, 24 May 2017 19:52:00 +0200
Subject: [PATCH] avcodec/cllc: Check bitstream end before decoding pixels

Fixes timeout
Fixes: 1802/clusterfuzz-testcase-minimized-5008293510512640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavcodec/cllc.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/cllc.c b/libavcodec/cllc.c
index 933144ae81..af0f6da2e9 100644
--- a/libavcodec/cllc.c
+++ b/libavcodec/cllc.c
@@ -429,6 +429,9 @@ static int cllc_decode_frame(AVCodecContext *avctx, void *data,
 coding_type = (AV_RL32(src) >> 8) & 0xFF;
 av_log(avctx, AV_LOG_DEBUG, "Frame coding type: %d\n", coding_type);
 
+ if(get_bits_left(&gb) < avctx->height * avctx->width)
+ return AVERROR_INVALIDDATA;
+
 switch (coding_type) {
 case 0:
 avctx->pix_fmt = AV_PIX_FMT_YUV422P;
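Review bot: The new guard compares the remaining bits against `avctx->height * avctx->width` with no comment saying why that product is the floor, so the next reader cannot tell whether it is a tight bound or a cheap heuristic; a one-liner such as `/* any coded plane needs at least one bit per pixel, so fewer bits than pixels cannot be a valid frame */` would make the intent explicit. The added line also reads `if(` while the surrounding code (`switch (`, and the file's other conditionals, from what is visible) puts a space after the keyword. The product is computed in `int`; it is only safe from signed overflow if width and height were already bounded earlier in cllc_decode_frame (FFmpeg's usual dimension check), which this hunk does not show, so that precondition is worth confirming before relying on the guard. cllc_decode_frame's body starts and ends outside the hunk.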