RepoMirrors/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-03-04 19:48:19 +00:00
Code Issues Projects Releases Wiki Activity

avcodec/wmaprodec: Check packet size

Browse Source 
Fixes: left shift of negative value -25824
Fixes: 27754/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA2_fuzzer-5760255962906624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 69aeba8a19)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2020-12-04 00:52:47 +01:00
parent ef2e673f8f
commit 7ed39616ab
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libavcodec/wmaprodec.c
View File

@ -1719,6 +1719,12 @@ static int decode_packet(AVCodecContext *avctx, WMAProDecodeCtx *s,
} }
} else { } else {
int frame_size; int frame_size;
if (avpkt->size < s->next_packet_start) {
s->packet_loss = 1;
return AVERROR_INVALIDDATA;
}
s->buf_bit_size = (avpkt->size - s->next_packet_start) << 3; s->buf_bit_size = (avpkt->size - s->next_packet_start) << 3;
init_get_bits(gb, avpkt->data, s->buf_bit_size); init_get_bits(gb, avpkt->data, s->buf_bit_size);
skip_bits(gb, s->packet_offset); skip_bits(gb, s->packet_offset);