From 29f40cc2ac04054b534db798be5e0cb42277fcbc Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 28 May 2017 03:18:02 +0200 Subject: [PATCH] avcodec/wnv1: More strict buffer size check This requires at least 25% of a picture to allocate and decode it Fixes: Timeout Fixes: 1845/clusterfuzz-testcase-minimized-5075974343360512 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 7f50c25124a015a539823077bb302ff0c7ce8963) Signed-off-by: Michael Niedermayer --- libavcodec/wnv1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/wnv1.c b/libavcodec/wnv1.c index cbf271afc6..4e5f3ba69a 100644 --- a/libavcodec/wnv1.c +++ b/libavcodec/wnv1.c @@ -68,7 +68,7 @@ static int decode_frame(AVCodecContext *avctx, int prev_y = 0, prev_u = 0, prev_v = 0; uint8_t *rbuf; - if (buf_size <= 8) { + if (buf_size < 8 + avctx->height * (avctx->width/2)/8) { av_log(avctx, AV_LOG_ERROR, "Packet size %d is too small\n", buf_size); return AVERROR_INVALIDDATA; }