RepoMirrors/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-02-04 13:53:26 +00:00
Code Issues Projects Releases Wiki Activity

avcodec/agm: More completely check size before using it

Browse Source 
Fixes: out of array access
Fixes: 13997/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5701427252428800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2019-04-03 02:12:28 +02:00
parent ee16d14b0a
commit 8e3b01e20e
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libavcodec/agm.c
View File

@ -562,7 +562,8 @@ static int decode_frame(AVCodecContext *avctx, void *data,
for (int i = 0; i < 3; i++)
s->size[i] = bytestream2_get_le32(gbyte);
if (32LL + s->size[0] + s->size[1] + s->size[2] > avpkt->size)
if (s->size[0] < 0 || s->size[1] < 0 || s->size[2] < 0 ||
32LL + s->size[0] + s->size[1] + s->size[2] > avpkt->size)
return AVERROR_INVALIDDATA;
if ((ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF)) < 0)