From 78b95530f0a1f04864079614b251b765b1ee77ec Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Sun, 3 Jul 2022 14:19:54 +0200
Subject: [PATCH] avcodec/ffv1dec: Check for min packet size

Fixes: Timeout
Fixes: 48619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-5793597923917824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavcodec/ffv1dec.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c
index 7731c15c87..01ddcaa512 100644
--- a/libavcodec/ffv1dec.c
+++ b/libavcodec/ffv1dec.c
@@ -879,6 +879,14 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *rframe,
         p->key_frame = 0;
     }
 
+    if (f->ac != AC_GOLOMB_RICE) {
+        if (buf_size < avctx->width * avctx->height / (128*8))
+            return AVERROR_INVALIDDATA;
+    } else {
+        if (buf_size < avctx->height / 8)
+            return AVERROR_INVALIDDATA;
+    }
+
     ret = ff_thread_get_ext_buffer(avctx, &f->picture, AV_GET_BUFFER_FLAG_REF);
     if (ret < 0)
         return ret;
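Review bot: The two thresholds `avctx->width * avctx->height / (128*8)` and `avctx->height / 8` are unexplained magic numbers in the added block, so a later maintainer cannot tell whether they derive from the coders' minimum bits-per-sample or are simply an empirical bound against the fuzzer timeout; a comment stating the derivation would make them reviewable, e.g. `/* Reject packets too small to plausibly encode a whole frame: a lower bound on the range coder / Golomb-Rice output size. Undersized input otherwise decodes into a long loop of garbage (fuzzer timeout). */`, adjusted to whatever the actual reasoning was. The product `avctx->width * avctx->height` is evaluated in int; this is presumably safe because the dimensions are bounded earlier by the image-size check, but `(int64_t)avctx->width * avctx->height / (128*8)` would make the check self-evidently overflow-free without relying on that invariant. Note also that for frames under 1024 pixels the first threshold becomes 0 and the check is vacuous, which is fine but worth a word in the same comment. decode_frame begins before and continues after this hunk.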