RepoMirrors/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-01-21 14:53:10 +00:00
Code Issues Projects Releases Wiki Activity

avcodec/vmixdec: Check for end of input in decode_dcac()

Browse Source 
Fixes: Timeout
Fixes: 59952/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VMIX_fuzzer-6718213736759296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2023-07-23 18:48:54 +02:00
parent d48476183f
commit d5cc9d8dd9
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/vmixdec.c
View File

@ -115,6 +115,8 @@ static int decode_dcac(AVCodecContext *avctx,
if (dc_run > 0) { if (dc_run > 0) {
dc_run--; dc_run--;
} else { } else {
if (get_bits_left(dc_gb) < 1)
return AVERROR_INVALIDDATA;
dc_v = get_se_golomb_vmix(dc_gb); dc_v = get_se_golomb_vmix(dc_gb);
dc += (unsigned)dc_v; dc += (unsigned)dc_v;
if (!dc_v) if (!dc_v)
@ -127,6 +129,8 @@ static int decode_dcac(AVCodecContext *avctx,
continue; continue;
} }
if (get_bits_left(ac_gb) < 1)
return AVERROR_INVALIDDATA;
ac_v = get_se_golomb_vmix(ac_gb); ac_v = get_se_golomb_vmix(ac_gb);
i = scan[n]; i = scan[n];
block[i] = ((unsigned)ac_v * factors[i]) >> 4; block[i] = ((unsigned)ac_v * factors[i]) >> 4;