mirror of https://git.ffmpeg.org/ffmpeg.git
avcodec/hq_hqa: Check info size
Fixes: assertion failure
Fixes: 21079/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-5737046523248640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cf28521fee
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
parent
b4c08bbd9c
commit
2f5040203b
|
@ -321,7 +321,7 @@ static int hq_hqa_decode_frame(AVCodecContext *avctx, void *data,
|
||||||
int info_size;
|
int info_size;
|
||||||
bytestream2_skip(&ctx->gbc, 4);
|
bytestream2_skip(&ctx->gbc, 4);
|
||||||
info_size = bytestream2_get_le32(&ctx->gbc);
|
info_size = bytestream2_get_le32(&ctx->gbc);
|
||||||
if (bytestream2_get_bytes_left(&ctx->gbc) < info_size) {
|
if (info_size < 0 || bytestream2_get_bytes_left(&ctx->gbc) < info_size) {
|
||||||
av_log(avctx, AV_LOG_ERROR, "Invalid INFO size (%d).\n", info_size);
|
av_log(avctx, AV_LOG_ERROR, "Invalid INFO size (%d).\n", info_size);
|
||||||
return AVERROR_INVALIDDATA;
|
return AVERROR_INVALIDDATA;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue