mirror of
https://git.ffmpeg.org/ffmpeg.git
synced 2025-01-10 09:09:50 +00:00
avcodec/dds: Use ff_set_dimensions()
Fixes: signed integer overflow: 2082471995 * 36 cannot be represented in type 'int'
Fixes: 16025/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DDS_fuzzer-5136663778426880
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9cd1e939cf
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
parent
4d7bbeb164
commit
3520590810
@ -613,6 +613,7 @@ static int dds_decode(AVCodecContext *avctx, void *data,
|
||||
AVFrame *frame = data;
|
||||
int mipmap;
|
||||
int ret;
|
||||
int width, height;
|
||||
|
||||
ff_texturedsp_init(&ctx->texdsp);
|
||||
bytestream2_init(gbc, avpkt->data, avpkt->size);
|
||||
@ -631,9 +632,9 @@ static int dds_decode(AVCodecContext *avctx, void *data,
|
||||
|
||||
bytestream2_skip(gbc, 4); // flags
|
||||
|
||||
avctx->height = bytestream2_get_le32(gbc);
|
||||
avctx->width = bytestream2_get_le32(gbc);
|
||||
ret = av_image_check_size(avctx->width, avctx->height, 0, avctx);
|
||||
height = bytestream2_get_le32(gbc);
|
||||
width = bytestream2_get_le32(gbc);
|
||||
ret = ff_set_dimensions(avctx, width, height);
|
||||
if (ret < 0) {
|
||||
av_log(avctx, AV_LOG_ERROR, "Invalid image size %dx%d.\n",
|
||||
avctx->width, avctx->height);
|
||||
|
Loading…
Reference in New Issue
Block a user