avcodec/mv30: Check remaining mask in decode_inter()

Fixes: timeout (too long -> 4sec) Fixes: 25129/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5642089713631232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-01-31 11:53:24 +00:00 · 2020-09-14 00:03:36 +02:00 · 2020-09-14 00:03:36 +02:00 · 142ae27b1d
commit 142ae27b1d
parent c467adf3bf
1 changed files with 6 additions and 1 deletions
--- a/libavcodec/mv30.c
+++ b/libavcodec/mv30.c
@ -531,8 +531,13 @@ static int decode_inter(AVCodecContext *avctx, GetBitContext *gb,
        for (int x = 0; x < avctx->width; x += 16) {
            if (cnt >= 4)
                cnt = 0;
-            if (cnt == 0)
+            if (cnt == 0) {
+                if (get_bits_left(&mask) < 8) {
+                    ret = AVERROR_INVALIDDATA;
+                    goto fail;
+                }
                flags = get_bits(&mask, 8);
+            }

            dst[0] = frame->data[0] + linesize[0] * y + x;
            dst[1] = frame->data[0] + linesize[0] * y + x + 8;