RepoMirrors/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-01-08 00:00:49 +00:00
Code Issues Projects Releases Wiki Activity

avcodec/ffv1dec: Check for min packet size

Browse Source 
Fixes: Timeout
Fixes: 48619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-5793597923917824

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2022-07-03 14:19:54 +02:00
parent ba0c3d1db4
commit 78b95530f0
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libavcodec/ffv1dec.c
View File

@ -879,6 +879,14 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *rframe,
p->key_frame = 0;
}
if (f->ac != AC_GOLOMB_RICE) {
if (buf_size < avctx->width * avctx->height / (128*8))
return AVERROR_INVALIDDATA;
} else {
if (buf_size < avctx->height / 8)
return AVERROR_INVALIDDATA;
}
ret = ff_thread_get_ext_buffer(avctx, &f->picture, AV_GET_BUFFER_FLAG_REF);
if (ret < 0)
return ret;